Malware ads' steganography

A malicious online advertising campaign dubbed AdGholas threw malware at up to a million netizens a day, and infected thousands of Windows machines, for over a year, we're told.

AdGholas picked out normal users to attack, as opposed to security researchers investigating the code in virtual machines, by studying their language settings, timezones, and whether the OS was bundled with the PC, according to security biz Proofpoint.

The booby-trapped web ads used JavaScript and steganography to smuggle code onto systems via images, and then attempted to use that code to exploit common software vulnerabilities to install malware.

The campaign ran for more than a year from mid-2015 before it was uncovered and killed when ad networks were alerted to the dodgy banners. Researchers at Trend Micro also played a key role in picking apart the tainted ad scam. ®
