Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

Malvertisers slam Forbes, Realtor with world's worst exploit kits

Attackers back after month-long major web conquest

Malvertisers have hit prominent websites Forbes and Realtor.com, redirecting victims to two of the world's worst exploit kits.

FireEye threat bods J. Gomez and Genwei Jiang reported eight Forbes URLs attached to news stories from 2012 and 2015, in one of the attacks.

Those pages bounced readers to a HTML file and onwards to either the Neutrino and Angler exploit kits which typically exploit nearly 40 percent of victims who encounter it.

The kits exploit Flash, Java, Silverlight and various browser vulnerabilities, with authors often finding or quickly incorporating zero day flaws.

"Malvertising continues to be an attack vector of choice for criminals making use of exploit kits," the pair say.

"By abusing ad platforms – particularly ad platforms that enable real time bidding – attackers can selectively target where the malicious content gets displayed."

Malwarebytes malvertising guru Jerome Segura reported the attack on Realtor.com which pulls in an estimated 28 million visitors a month.

Feature: Malware menaces poison ads as Google, Yahoo! look away.

The attackers in typical fashion bounced visitors who encountered the ads to the Angler exploit kit. They were able to get the ads on the website through real time bidding networks that fail to check the security integrity of creative.

Segura says the attackers were also responsible for a three-week long large malvertising attack last week which affected big ticket websites including eBay UK, the Druge Report, and Answers.com.

Malvertising is rampant; criminals are continually exploiting lax security checks of advertising and real time bidding networks to get their malicious code hosted on some of the world's biggest websites.

Advertising mechanisms are a soft attack vector in what could otherwise be typically tougher website defences. Websites rely on advertisers for cash flow and therefore are permitting advertiser network code to run on their sites.

This places websites at the mercy of ad networks which appear largely unwilling to fully clamp down on the security shortfalls. ®

 

Similar topics

TIP US OFF

Send us news


Other stories you might like