Google's ad server "DoubleClick" served malware


By Lee Davy

Security research company Malwarebytes noticed disturbing activity in the advertisements on well-known sites, investigated, and found that malware was being distributed from the ad servers of Google's ad distribution service "DoubleClick" and the ad technology company "Zedo".

Large malvertising campaign under way involving DoubleClick and Zedo | Malwarebytes Unpacked
https://blog.malwarebytes.org/malvertising-2/2014/09/large-malvertising-campaign-under-way-involving-doubleclick-and-zedo/

Malwarebytes detected the suspicious activity in web advertisements on prominent websites such as the online streaming radio service "Last.fm" and the news sites "The Times of Israel" and "The Jerusalem Post". When the URLs of these sites were opened, a number of unusual warnings were raised by antivirus software and by Malwarebytes' own systems. On further investigation, Malwarebytes found that the malware Win32/Zemot was being distributed from Google's DoubleClick and Zedo ad servers.


Win32/Zemot is malware that was added on 9 September 2014 to the virus definition data of the "Malicious Software Removal Tool", the virus removal tool for Windows that Microsoft distributes free of charge. Delivering malware via advertisements, known as malvertising, is not new. What makes Win32/Zemot a problem is that once it is installed on a PC via an advertisement, it downloads other malware to that PC: PWS:Win32/Zbot.gen!AP, Win32/Rovnix, Win32/Viknok and Win32/Tesch.


Jerome Segura, a researcher at Malwarebytes, said: "The key to this malware discovery is that the websites on which the ads were placed were not infected; the malware was delivered from DoubleClick and Zedo," and warned users that "large-scale attacks like this one are pretty rare, and you should update your anti-virus software to the latest version in response."

However, on September 19, two days after the problem was discovered, it could no longer be confirmed in the advertisements on the relevant sites, so it seems that some response was made.

in Web Service, Posted by darkhorse_log