Malvertising: Ads On eBay And Drudge Report Used To Infect Millions Of Internet Users
A cyber criminal group that used popular websites such as eBay, Answers.com and Drudge Report was involved in one of the longest running campaigns to infect millions of Internet users, a security firm said.
Malvertising, which is essentially booby-trapped advertisements, is a cheap and effective way of infecting several Internet users. Although such a campaign doesn’t last for a long time, Malwarebytes, a security firm analyzing malvertising, recently discovered a campaign that has lasted for about three weeks.
Jerome Segura, senior security researcher at Malwarebytes, says that a campaign that has lasted for this long could have affected a lot of people. As reported by Motherboard, he said, “This is a reminder to all of us in the security industry that there are a lot of campaigns that are going on that we’re not aware of. And it really makes us wonder, how much are we really seeing?”
While the advertisements used in this case did not contain any infected or malicious code, but they redirected users to other pages that tried to install the Angler Exploit Kit in the background on their devices while they browsed eBay or Drudge Report. Segura said while it is hard to determine how many people would have been infected by this campaign, it can be estimated that devices of around 40 percent users that installed Angler Exploit Kit were exposed to malvertising.
“At the end of the day, the problem isn’t really in the ad itself,” Segura said. “The ad is the vehicle to load the malware, but the real problem is the fact that computers are vulnerable and are not patched.”