What to do When the Biggest Marketing Partner in the World Becomes Unreliable…

By: Linda L. Goodman

Hitting the news today is a large-scale Google malvertising campaign. A Google advertising partner redirected users from an otherwise legitimate ad to a Website intended to install malware on users’ computers. Security researchers from Dutch security firm Fox-IT observed the malvertising campaign last Tuesday, when ads coming through a Google partner in Bulgaria called Engage Lab started redirecting users to the Nuclear Exploit Kit. Exploit kits are Web-based platforms that exploit vulnerabilities in browsers and browser plug-ins in order to infect users’ computers with malware. Adobe Flash Player, Oracle Java and Microsoft Silverlight all have plug-ins subject to this exploitation. According to Fox-IT researcher Maarten van Dantzig, Fox-IT “detected a relatively large amount of infections and infection attempts from this exploit kit among our customers.”

Initially, Fox-IT researcher Maarten van Dantzig said Tuesday in a blog post, “It appears as if all of engagelab.com, its advertisement and zone ID’s, are currently redirecting to a domain, which in turn is redirecting to the Nuclear Exploit Kit, indicating a possible compromise at this reseller of Google advertisement services. The rogue redirects stopped later in the day, suggesting that either Google or Engage Lab took action.” Later he added, “After analysis the payload has been identified as Pony Loader, malware able to steal credentials and install other types of malware.”

Google and Engage Lab have not responded to media requests for comment.

Malvertising has been a consistent and growing problem for several years, and this incident reiterates that even large advertising networks, claiming to have the best defenses in place, are not entirely secure. What is disturbing about this latest attack is that the attackers are using legitimate marketers and online merchants as pawns. Whereas in the past users had to visit obscure websites in order to get infected, now they need only click through what appears to be a legitimate ad from a trusted website. Once attackers manage to get malicious ads onto a large advertising network, those ads are displayed on popular and trusted websites.

Because a typical online advertisement goes through five or six intermediaries before being displayed in a user’s browser, it can be replaced with a malicious one at any point in that chain. Each player in the chain can claim they have no control over what ads will be displayed on their websites. The recommendation is that you make sure this issue is addressed in your contracts with even large ad networks.

See the original report at http://www.channelworld.in/news/large-scale-google-malvertising-campaign-hits-users-with-exploits#sthash.PLbhI47Q.1qka1T4l.dpuf.

______________________________________________________________________

This article is a publication of The Goodman Law Firm and is intended to provide information on recent legal developments. This article does not create an attorney-client relationship, nor should it be construed as legal advice or an opinion on specific situations.  This may constitute “Attorney Advertising” under the Rules of Professional Conduct and under the law of other jurisdictions.

© 2015 TGLF, A.P.C.
