Large-scale malvertising campaign hidden in online ads hits Last.fm

SECURITY OUTFIT MALWAREBYTES has warned of a malvertising attack that appears to be part of a large scale, ongoing campaign affecting a number of popular websites such as Last.fm.

Users are getting infected by the exploit kit that is hidden in online ads, which means they probably don't even know the payload is on their computer.

Malwarebytes said The Times of Israel and The Jerusalem Post were affected by the same attack campaign and looking further into it discovered "it is much bigger" than first thought because it involves doubleclick.net, a subsidiary of Google for online ads, and Zedo, a popular advertising agency.

The malware payload distributed to unsuspecting visitors was identified as Zemot by Microsoft in its Malicious software removal tool (MSRT) for September.

The Zemot Trojan downloaders are frequently used by malware with a number of different payloads. Microsoft said that recently, malware such as Win32/Rovnix, Win32/Viknok, and Win32/Tesch have begun using Zemot to distribute their malicious payloads.

"It is necessary for any real-time security software to effectively remediate these downloaders to prevent reinfection with these payloads," Microsoft said.

Zemot is often mass distributed to the payload URLs and uses several techniques to make sure the downloaded module will be successful on all Windows machines.

"What is important to remember is that legitimate websites entangled in this malvertising chain are not infected. The problem comes from the ad network agency itself," Malwarebytes said in a blog post. "We rarely see attacks on a large scale like this, so we highly recommend that people keep their systems up-to date, with current antivirus and anti-malware protection."

Malwarebytes said that the latest victim of this campaign is popular music streaming website Last.fm.

The firm said that it first detected this new attack pattern on 30 August, and the discovery is still developing, so it could be that even more websites are affected. µ

The best thing people can do is run Linux, and from WITHIN Linux, run a Windows 7 Virtual machine. Create a snapshot of the ‘pristine’ Windows VM after it’s fully updated, and use it with IE for the internet, and any proprietary apps that might be needed. Save any data that you want to keep from Windows to a network share on your primary Linux machine, or a NAS(a USB drive would also work). At the end of every Internet session on the Windows VM, revert it to the pristine snapshot you created. If you got anything nasty, it will get wiped out by your snapshot. For those that may not understand, this is equivalent to reformatting your hard drive and reinstalling a fully updated Windows OS every time you use the internet, but it only takes seconds.

That should keep most anyone safe and free from malware, while still being able to use Windows, if necessary. There is ABSOLUTELY NO REASON to ‘dual boot’ anymore, as many people did for years in the past.

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.