Jump to content
Sign Up To Remove Ads!

Archived

This topic is now archived and is closed to further replies. Want this topic removed from the archive?

rbear

Big-Name Sites Hit By Rash Of Malicious Ads Spreading Crypto Ransomware

Recommended Posts

 rbear    240

Normally I wouldn't write about things like this, however, its really scarry out there. Take for instance just visiting a news site can install these things.. I have bolded what I have been infected with before for about 8 months or more before, finally detecting it. It was auto installed numerous times, sometimes without any ability to stop it. Basically, file dl's automatically from just visiting a website, auto opens and installs ???. You go back to look for the files wherever, they are not there. Every now and then the original dl is there, other times it self deletes. Anyhow you get the idea.., on to the story. Also somehow the json files auto scan and infect your products with non legit updates, presumably to take your clipboard.

---------------------

Mainstream websites are falling victim to a new rash of malicious ads that attempt to surreptitiously install crypto ransomware and other malware on the computers of unsuspecting visitors, security firms warned. 

The tainted ads may have exposed tens of thousands of people over the past 24 hours alone, according to a blog post published Monday by Trend Micro. The new campaign started last week when "Angler," a toolkit that sells exploits for Adobe Flash, Microsoft Silverlight, and other widely used Internet software, started pushing laced banner ads through a compromised ad network. 

According to a separate blog post from Trustwave's SpiderLabs group, one JSON-based file being served in the ads has more than 12,000 lines of heavily obfuscated code. When researchers deciphered the code, they discovered it enumerated a long list of security products and tools it avoided in an attempt to remain undetected. 

"If the code doesn't find any of these programs, it continues with the flow and appends an iframe to the body of the html that leads to Angler EK [exploit kit] landing page," SpiderLabs researchers Daniel Chechik, Simon Kenin, and Rami Kogan wrote. "Upon successful exploitation, Angler infects the poor victim with both the Bedep trojan and the TeslaCrypt ransomware–double the trouble." 

continues

Share this post


Link to post
Share on other sites

×