According to a third-quarter report from anti-malware firm Dasient, drive-by-downloads and rogue anti-virus schemes are the most popular methods of malware distribution. More than 1.2 million websites were infected with malware last quarter, doubling the malware infection rate of the same quarter a year ago. A great example of this occurred last week when Microsoft and Google were handing out cheery holiday advertisements laced with poison in the form of drive-by-download malware.
Cybercriminals managed to trick the world's two largest ad serving platforms, DoubleClick and MSN (rad.msn.com), into serving malware via drive-by download exploits. According to Armorize Technologies, a security solutions firm, the cybercriminals registered a domain that was one letter off from the legitimate ADShuffle.com, and then duped the advertising networks into serving their malicious banner ads.
The malicious ads first appeared on Dec. 3 through Google-owned DoubleClick, but ADShufffle kept changing the malware types. On Dec. 10, Armorize confirmed that Microsoft's Hotmail service was serving malicious ads through rad.msn.com. Microsoft's adCenter network, formerly known as MSN adCenter, is the division of MSN responsible for MSN's advertising services. Known Microsoft sites that were affected with the malvertising attack included mail.live.com, msnbc.com and realestate.msn.com. Target gift card banner ads are an example of the targeted ads that cybercriminals tainted with malware for drive-by-download attacks.
Huang said, "We reached out to DoubleClick and in less than a few hours time they arranged a meeting with a group of their experts on anti-malvertising and incidence response. We were very surprised and impressed with the speed that DoubleClick acted. We provided details, and DoubleClick said they were already on top of the issue."
Microsoft did not respond to my questions before the posting of this article.
Since cybercriminals were able to dupe the two largest and well-respected ad serving platforms to accomplish the drive-by downloads, it shows how fast the security ecosystem can be poisoned. Attackers used the Eleonore exploit pack and the Neosploit package on known vulnerabilities on high profile sites. Although the DoubleClick and Microsoft malvertising episode is over, cybercriminals are registering more domains. Armorize suspects that cybercriminals will probably attack other networks as well.
Image Credits: In-Depth Research posted on Armorize Blog
Like this? Check out these other posts:
- All of today's Microsoft news and blogs
- FBI Spied and Lied, Misled Justice Department on Improper Surveillance of Peace Groups
- EFF Warns of Untrustworthy SSL, Undetectable Surveillance
- Traveler to TSA: If you touch my junk, I'll have you arrested
- TSA: Show Us Your Body Or We'll Feel You Up
- ACLU Report: Spying on Free Speech Nearly At Cold War Level
- Full-Body X-Ray Scanners Driving Down A Street Near You?
- Police State of Wiretapping the Web: Who Do THEY Want to Watch?
- BLADE: Software Weapon to Cut the Wicked Heart out of Drive-by Malware
- Scary: Police State Comes to Walmart via DHS Videos
Follow me on Twitter @PrivacyFanatic