Posted on 09/22/2014 10:47:02 AM PDT by Ernest_at_the_Beach
SECURITY OUTFIT MALWAREBYTES has warned of a malvertising attack that appears to be part of a large scale, ongoing campaign affecting a number of popular websites such as Last.fm.
Users are getting infected by the exploit kit that is hidden in online ads, which means they probably don't even know the payload is on their computer.
Malwarebytes said The Times of Israel and The Jerusalem Post were affected by the same attack campaign and, looking further into it, discovered "it is much bigger" than first thought because it involves doubleclick.net, a subsidiary of Google for online ads, and Zedo, a popular advertising agency.
The malware payload distributed to unsuspecting visitors was identified as Zemot by Microsoft in its Malicious Software Removal Tool (MSRT) for September.
The Zemot Trojan downloaders are frequently used by malware with a number of different payloads. Microsoft said that recently, malware such as Win32/Rovnix, Win32/Viknok, and Win32/Tesch have begun using Zemot to distribute their malicious payloads.
"It is necessary for any real-time security software to effectively remediate these downloaders to prevent reinfection with these payloads," Microsoft said.
Zemot is often mass distributed to the payload URLs and uses several techniques to make sure the downloaded module will be successful on all Windows machines.
"What is important to remember is that legitimate websites entangled in this malvertising chain are not infected. The problem comes from the ad network agency itself," Malwarebytes said in a blog post. "We rarely see attacks on a large scale like this, so we highly recommend that people keep their systems up-to-date, with current antivirus and anti-malware protection."
Malwarebytes said that the latest victim of this campaign is popular music streaming website Last.fm.
The firm said that it first detected this new attack pattern on 30 August, and the discovery is still developing, so it could be that even more websites are affected. µ
Using a computer is getting to be like wandering around in the crappiest neighborhood in your city, at 3 am on the darkest night of the month.
fyi
:)
Perhaps if doubleclick was subjected to a lawsuit by one or more victims, it would pay more attention to what it allows to be sent out.
bkm
Given the neighborhood of the WWW.
One should not pack all of the family jewels and personal information in the car when you go out into the neighborhood at any time!!!!
At least here on FR we are safe, but there are probably a thousand links per day posted here, a minefield within you might say.
I have ad block plus, but from the brief summary in this article, it sounds as though it may be useless against this beast.
Soon I’ll have a linux box, building one for linux mint.
NoScript and AdBlock are your friends.
AdBlock Plus is the better one.
Just run your browser in a sandbox.
Another benefit from Host Manager; besides not having to see the stupid ads it also protects me from the malware in them.
Highly recommend a host manager to anyone who uses the internet!
The best thing people can do is run Linux, and from WITHIN Linux, run a Windows 7 Virtual machine. Create a snapshot of the ‘pristine’ Windows VM after it’s fully updated, and use it with IE for the internet, and any proprietary apps that might be needed. Save any data that you want to keep from Windows to a network share on your primary Linux machine, or a NAS (a USB drive would also work). At the end of every Internet session on the Windows VM, revert it to the pristine snapshot you created. If you got anything nasty, it will get wiped out by your snapshot. For those that may not understand, this is equivalent to reformatting your hard drive and reinstalling a fully updated Windows OS every time you use the internet, but it only takes seconds.
That should keep most anyone safe and free from malware, while still being able to use Windows, if necessary. There is ABSOLUTELY NO REASON to ‘dual boot’ anymore, as many people did for years in the past.
I am going to take a moment to complain about all the stupid images we have to look at while reading original sources on 1/2 the threads here on FR. Must be blogs but some are actual websites. Totally nauseating.
LOL, so much better than the nudes or obese, or actors and actresses I don’t know.
I’m impressed with the discussion in this thread. No idiots saying use a Mac or Linux they can’t be infected with malware. Looks like people are wising up to the issues that malware writers and ignorant users combined make for issues on all platforms.