Malvertising campaign on popular site leads to Silverlight exploit, Zeus Trojan

[fredlaso]

Malicious ads displayed on legitimate websites (malvertising) are something we see a lot of these days.

Website owners have grown to have a love/hate relationship with adverts because on the one hand advertising they are a substantial source of revenues but on the other they are often cause for a lot of troubles.

Site owners use a multitude of different third-party providers which they have trusted over time. However, third-party content is always a bit iffy because you just can’t control it.

Case in point, a popular website recently suffered a malvertising attack. Our honeypots detected the malicious redirection from a compromised ad in the wee hours of last Friday morning.

We contacted both the site owners and the advertising agency and the malicious traffic stopped shortly after.

Over the course of the weekend and the beginning of the week, we exchanged some further emails to get a better understanding about the attack, which turned out to be an Ad server compromise (more details later).

On Monday, Cisco published a blog post about what they said was a wider use of Microsoft Silverlight for exploitation, in particular with the Angler exploit kit.

The use of Silverlight in exploit kits and its preference to other plugins (or not) isn’t the point of this article. We will mainly try to study a particular attack and provide some technical details.

We hope the information can help out both site owners, advertisers and the general public in better understanding the malvertising threat and how to mitigate it.

More here: https://blog.malwarebytes.org/exploits-2/2014/05/malvertising-campaign-on-popular-site-leads-to-silverlight-exploit-zeus-trojan/

[Mr Orus]

Session wrong. Content of the article is missing. The article is old from may. Thread closed.