Sophisticated cybercriminals are now using adverts to install malware into users’ computers. The latest discovery is the use of infected ads which exploit a flaw in the Flash Player to install malware.
A flaw in the Adobe Flash Player is being exploited by cybercriminals to install malware in the computers of users. In order to hide the malware, the developers of the infection are using adverts instead of regular emails and other techniques like infected links.
The reason why the malware is being installed through ads is because not many people would suspects that an ad which looks legitimate, and is on a big site can be carrying malware. The other reason why the cyber criminals are using adverts is because they can use a big advertising agent to spread their malware. The adverts company will place the ads in big websites and that is how websites like Huffington post were affected by this infection.
Ransomware is malware that is designed to fool the user into paying a ransom for something. It is software that has been designed to threaten the user and have the user pay a ransom for its removal to prevent some form of damage being visited on the user’s computer.
An example of ransomware is malware which reads through the user’s files and when it finds music it threatens arrest and prosecution for holding pirated files. The user is then asked to make a payment to the criminals. Other types of ransomware threaten to delete files from a user’s computer unless the user pays the cybercriminal.
The recent discovery unmasked an operation that has been ongoing for three months now. The campaign might therefore have affected millions of users of popular and trusted websites such as Answer.com.
Cybersecurity experts looking into the matter of these infections have found that the flaws being exploited were a second option. The first option for the developers of this malware was a flaw in windows. When Windows patched that, they move on swiftly to Adobe and exploited flaws there.
One might ask how the ransomware was able to go for three months undetected. Well, it turns out that the cybercriminals had anticipated that security experts were going to trap their malware in a virtual container to study it. When the malware detected a virtual container, it refrained from dropping its infection and therefore went past the virtual container undetected. The ransomware would only deploy when it knew it was infecting a user PC and not a lab computer which could study its behavior.
Cyber experts from Invencea note that there was no way for the adverting companies to know that the avderts were carrying malware, saying “It is important to note that the sites from which the malvertising were delivered are by and large unaware that their sites were used for delivering malware, and largely unable to do anything about it.”
However, Adobe has now patched the flaws that allowed the ransomware to go through within the end of last month (January 2015).
Top/Featured Image: By admin (http://nuevovirus.info/virus-blaster/) [Public domain], via Wikimedia Commons