MicroAd was the source of the fake Flash Player ads on Nico Nico Douga; here is how the malware was distributed



From Thursday, June 19, advertisements appeared on Nico Nico Douga that displayed "This page can not be displayed! Update to the latest version of Flash Player!" and, under the pretext of a Flash Player update, tried to get users to install completely unrelated malicious software (malware). The incident caused a stir, and it has now been announced that the cause was an ad script distributed from the advertising network of MicroAd Inc.

About malware via MicroAd Inc. advertisements - Nico Nico Info
http://blog.nicovideo.jp/niconews/ni046930.html

As a result of the investigation, it was found to have been displayed by a script embedded in an advertisement delivered from the advertising network of MicroAd Inc., so in addition to contacting MicroAd Inc., we blocked communication with the relevant advertising network by noon on June 19th (Thursday).


The damage is not spreading any further at the moment, and it is said that guidance will be given later on matters such as how users who already installed the malware can recover and how to judge whether they were affected in the first place.

In addition, MicroAd Inc. has posted the following announcement about this case on its own page.

«About advertisement displays leading to a malicious site»
http://www.microad.co.jp/info/info20140619.html

It was reported that, at some media companies using "MicroAd AdFunnel", our advertisement distribution service for media companies, advertisements were displayed that led users to a malicious Web site, as described above.
In this event, certain advertisements lead users to a malicious Web site that impersonates the Flash Player download site and urge them to download a malicious program.
Since we confirmed that the problematic advertisement was distributed through our advertisement distribution service from a US advertising company that we are affiliated with, we stopped advertisement distribution from the relevant company at about 10:00 on June 19.
Regarding this event, we have received a report from the affiliated US company that all relevant domains have been identified and the associated delivery stopped.

"MicroAd AdFunnel" itself also accepts advertisement distribution from various other advertising networks, and according to the text above, an advertisement delivering this malware came from another advertising network and was delivered by way of the MicroAd network. In other words, this can be understood as MicroAd's management of its ads not having been thorough.

As for what kind of malware this actually is, Symantec, famous for Norton AntiVirus, explains it on its official blog.

Nico Nico Users Redirected to Fake Flash Player | Symantec Connect Community
http://www.symantec.com/connect/blogs/nico-nico-users-redirected-fake-flash-player

First of all, this is the malicious advertisement delivered via MicroAd, which makes it look as though Flash Player has to be installed.


If you click "OK" here, you are sent to the following site. It offers no choice as to whether or not to install McAfee's antivirus software, but the point is that the rest is made to look exactly like the real thing.


Proceeding further from here, the installation screen below appears, as described in "When you press the Accept button with fake Flash Player, unnecessary software is a bunch of turbo! Identity of setup.exe - Untitled dark log (new) - Yahoo! Blog".


If you keep clicking through, the following are installed: the browser hijacker "Search Protect"; "RegClean Pro", which displays an error warning and guides you to purchase a paid version; "MyPCBackup", which guides you to register for an online storage service; software that displays a virus infection warning and guides you to purchase a paid version; "System Speedup", which displays an error warning and guides you to purchase a paid version; the adware "Buzz-It" and "Plus-HD", which embed advertisements in the website you are viewing; and the remote desktop software "VuuPC". If you have already installed it, you need to uninstall these malware / adware programs.
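A way to check a Windows machine for the programs named above, as an added example that is not part of the original article: the PowerShell below searches the standard uninstall registry keys for those names. The display names the installers actually register are an assumption, so matching is by case-insensitive substring.

```powershell
# Names exactly as listed in the article. The DisplayName values written by the
# real installers may differ (assumption), hence the substring match.
$names = 'Search Protect', 'RegClean Pro', 'MyPCBackup', 'System Speedup',
         'Buzz-It', 'Plus-HD', 'VuuPC'

# Standard uninstall-entry locations: native, 32-bit on 64-bit Windows, per-user.
$roots = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
         'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
         'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'

function Find-BundledSoftware {
    param([string[]]$Names, [string[]]$Roots)

    # Escape each name so characters such as '-' are matched literally.
    $pattern = ($Names | ForEach-Object { [regex]::Escape($_) }) -join '|'

    # Missing keys (for example WOW6432Node on 32-bit Windows) are skipped.
    Get-ItemProperty -Path $Roots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and $_.DisplayName -match $pattern } |
        Select-Object DisplayName, Publisher, InstallDate, InstallLocation, UninstallString |
        Sort-Object DisplayName
}

$hits = Find-BundledSoftware -Names $names -Roots $roots
if ($hits) {
    # UninstallString is shown for review only; it is not executed here.
    $hits | Format-List
} else {
    'No matching uninstall entries found.'
}
```

An empty result only means that no uninstall entry matched; browser extensions and changed browser search settings are not covered by this check.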


Note that, in response to this case, Adobe's official Twitter account has posted the following announcement about where to download the genuine Flash Player.


2014/06/20 15:22 Addendum

MicroAd has released a detailed statement on the cause and the time of occurrence.

«About the addition of press release on advertisement delivery failure» | MicroAd

According to it, the cause was that specific malicious advertisements were mixed in when "Yahoo! AdExchange", operated by Yahoo! in the US, distributed advertisements toward Japan via "MicroAd AdFunnel". The incident lasted from 0 o'clock on June 19 until around 8 a.m. on June 19. "We are currently disconnected from the relevant ad exchange and there is no further increase in damage".

in Web Service, Posted by darkhorse