The cyber-attack routes through advertising platforms to target popular websites, with researchers noting breaches on Bejewelled Blitz on Facebook, CNN Indonesia, the official websites of Prague Airport and RTL Television Croatia, as well as Detik and AASTOCKS.
The Websense Labs team discovered the attack utilises open advertising platform OpenX, which sees up to 100 billion impressions per month, to compromise and inject malicious code which is spread to multiple websites. The injected code leads to a redirect which has been seen to lead to the highly prevalent Angler Exploit Kit, which exploited the latest Adobe Flash Player vulnerability (CVE-2015-3090), distributed CryptoWall 3.0, Bedep and Necurs, as well as a Trojan known as 'Bunitu.'
The Bunitu malware dropped by Angler 'Zombifies' computers, by causing infected machines to act as a proxy. This enables it to be used for subsequent malicious activity and allows cybercriminals to hide behind legitimate users' machines to avoid detection by the authorities.
Carl Leonard, principal security analyst at Raytheon/Websense, said: `Advertising networks are an increasingly popular focus for cybercriminals, as they open up avenues to infect millions of users with minimal effort.
Read original article
No comments:
Post a Comment