Members
  • Total Members: 12809
  • Latest: Dorel
Stats
  • Total Posts: 28477
  • Total Topics: 8238
  • Online Today: 797
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: Malwaretised ads on YouTube for 113.000 U.S. citizens, just for one month...  (Read 534 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


Malicious advertisements, some of which were displayed on YouTube, redirected more than 113,000 people in the U.S. to harmful websites in just a month, Trend Micro said Tuesday.

Although online advertising companies try to detect and block such ads from being circulated on their networks, bad ones sometimes get through. Such ads can be very productive for hackers. It can mean a large pool of victims if shown on a high-traffic website.

“This was a worrying development: Not only were malicious ads showing up on YouTube, they were on videos with more than 11 million views—in particular, a music video uploaded by a high-profile record label,” wrote Joseph Chen, a fraud researcher, on Trend Micro’s blog: http://blog.trendmicro.com/trendlabs-security-intelligence/youtube-ads-lead-to-exploit-kits-hit-us-victims/

Google, which owns YouTube, did not have an immediate comment.

Chen wrote that users viewing the ads were bounced through two servers in the Netherlands before landing on the malicious server, which is located in the U.S.

That server had the Sweet Orange exploit kit installed. Sweet Orange checks if the computer has one of four vulnerabilities affecting Internet Explorer, Java or Adobe Systems’ Flash application.

If the attack is successful, the kit delivers malware from the KOVTER family, which has been used in the past for ransomware, Chen wrote. Those attacks try to extort a victim by either encrypting their files or tricking them into paying a fine.

The KOVTER malware is hosted on a subdomain of a Polish government site that has been hacked, Chen wrote. The attackers had also modified DNS (Domain Name System) information on that site by adding subdomains that led to their own servers, but the method used to accomplish that was unclear, Chen wrote.

(PCW)


By the way, I don't know is this somehow related to Devvie's problem here: http://scforum.info/index.php/topic,9316.0.html


Samker's Computer Forum - SCforum.info





 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising