Malware infection spreads to tens of thousands of people via advertisements on major websites


By Lee Davy

An "exploit kit" is a program that packages "exploit code" for attacking security vulnerabilities, bundles a variety of attacks, and can have attack code for the latest vulnerabilities added at any time. On March 14, 2016, it was discovered that a massive attack using an exploit kit was under way. The attack redirects users from Internet advertisements delivered to major news sites in the United States to a download of the exploit kit, after which malware appears to be downloaded automatically.

Massive Malvertising Campaign in US Leads to Angler Exploit Kit / BEDEP - TrendLabs Security Intelligence Blog
http://blog.trendmicro.com/trendlabs-security-intelligence/malvertising-campaign-in-us-leads-to-angler-exploit-kitbedep/

Angler Takes Malvertising to New Heights
https://www.trustwave.com/Resources/SpiderLabs-Blog/Angler-Takes-Malvertising-to-New-Heights/

It is estimated that tens of thousands of Internet users in the US were affected in the last 24 hours alone by this attack, which downloads the Angler Exploit Kit via Internet advertisements displayed on major websites.

According to security software developer Trend Micro, the malicious advertisements are distributed from an ad network used on websites with many visitors. As of March 14, 2016, when Trend Micro published this finding, it warned that malicious ads were still being delivered and that malware could be downloaded automatically to the PC of any user who viewed them.

[Image: what the "malicious advertisement" looks like.]


Trend Micro and fellow security company Trustwave have revealed that the major websites on which the malicious advertisements were displayed include "answers.com", "zerohedge.com" and "infolinks.com". According to Ars Technica, companies such as "The New York Times", "BBC", "MSN" and "AOL" were also affected. Both Trend Micro and Trustwave stress that the websites themselves are strictly victims.

"In my analysis, once I load a page and a malicious advertisement is displayed, the ad automatically redirects to two malicious servers and downloads the Angler Exploit Kit to the user's PC," said a Trend Micro researcher.


[Image: the part of the page source code that handles the first redirect.]


[Image: the second redirect. The Angler Exploit Kit download starts from here.]


The Angler Exploit Kit is one of the exploit kits that were rampant in 2015, and it has recently been updated actively, with code for new vulnerabilities being added. The following graph shows the amount of Angler Exploit Kit activity observed from March 9 to March 13. The number doubled on the 13th, which suggests that the malicious advertisements began to be distributed at that point.


According to Trend Micro, the downloaded Angler Exploit Kit directly downloads the backdoor malware "BEDEP" and malware called "TROJ_AVRECON". Also, according to Malwarebytes Labs, the ad networks owned by Google, AppNexus, AOL and Rubicon appear to have been affected by this attack.

The Angler Exploit Kit is known to exploit vulnerabilities in software such as Adobe Flash and Microsoft Silverlight, so Trend Micro recommends applying the latest security patches.

in Security, Posted by logu_ii