As you may have noticed, malicious ads have recently appeared on Yahoo, Amazon, and YouTube. This latest wave is part of a sophisticated campaign by unidentified scammers to spread malware further.
When a user encounters one of these malicious ads, it may redirect the browser to a site other than the three named above. That site then triggers a download of files chosen according to whether the PC runs Apple’s OS X or Microsoft’s Windows.
This network of malicious ads has been codenamed ‘Kyle and Stan’ because those two names appear in the subdomains of the more than 700 sites the attackers set up specifically to distribute the malware.
How the malware works
According to experts at Cisco, the huge volume of domains lets the attackers use a given domain for only a short time, then burn it and move on to another for future attacks. This helps them evade the reputation-based and blacklist-based protection offered by today’s popular security solutions.
Based on the analysis by the networking solutions provider, when a victim is redirected through an ad, the PC downloads malware with a unique checksum, which makes it harder for security software to detect. The same download may also bundle legitimate software such as a media player. As usual, the user must first open the file before the machine is infected.
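As an added illustration that is not part of the article or of Cisco’s research, the following Python script looks for the two traits just described, domains that are active only briefly and downloads whose checksum differs on every request, in a handful of constructed proxy-log lines; the hostnames, hashes, timestamps and thresholds are all invented for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed proxy-log lines (not real traffic):
# timestamp, client IP, host, path, OS family from the User-Agent, sha256 of the download
CONSTRUCTED_LOGS = [
    "2014-09-01T10:00:01 10.0.0.5 kyle.example-ad.test /dl/player.exe Windows aaa111",
    "2014-09-01T10:03:12 10.0.0.7 kyle.example-ad.test /dl/player.exe Windows bbb222",
    "2014-09-01T10:05:40 10.0.0.9 kyle.example-ad.test /dl/player.dmg OSX ccc333",
    "2014-09-02T09:00:00 10.0.0.5 stan.example-ad2.test /dl/player.exe Windows ddd444",
    "2014-09-02T09:10:00 10.0.0.8 stan.example-ad2.test /dl/player.exe Windows eee555",
    # A legitimate vendor CDN: long-lived host, same hash for every download
    "2014-09-01T11:00:00 10.0.0.5 cdn.vendor.test /setup.exe Windows ffff00",
    "2014-09-20T11:00:00 10.0.0.7 cdn.vendor.test /setup.exe Windows ffff00",
]


@dataclass
class DownloadEvent:
    ts: datetime
    client: str
    host: str
    path: str
    os_family: str
    sha256: str


def parse_line(line: str) -> DownloadEvent:
    """Split one whitespace-separated log line into a DownloadEvent."""
    ts, client, host, path, os_family, sha = line.split()
    return DownloadEvent(datetime.fromisoformat(ts), client, host, path, os_family, sha)


def find_burned_domains(lines, max_active=timedelta(days=3), min_downloads=2):
    """Flag hosts whose download activity fits in a short window and whose
    every download carried a different checksum. Returns {host: details}."""
    by_host = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        by_host[ev.host].append(ev)
    flagged = {}
    for host, events in by_host.items():
        if len(events) < min_downloads:
            continue  # too little activity to judge
        active = max(e.ts for e in events) - min(e.ts for e in events)
        unique_hashes = {e.sha256 for e in events}
        if active <= max_active and len(unique_hashes) == len(events):
            flagged[host] = {
                "downloads": len(events),
                "active_window": active,
                "os_families": sorted({e.os_family for e in events}),
            }
    return flagged
```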
Advice to be cautious
If there is one consolation, experts at Cisco are relieved that this malware does not use drive-by exploits. The attackers rely on social engineering techniques to convince victims to install the malicious software package.
Interestingly, Cisco first detected the Kyle and Stan network as early as May this year and had already warned unsuspecting users about the hassle and danger that come with the malicious ads. Despite that, the attacks have continued and have become more prevalent.
The experts remind us that a well-engineered malware delivery system like this one may not be taken down unless the masterminds behind it are exposed and stopped. For now, online users are advised to be extra cautious, especially when logging in to any of the three affected Websites.