Menu
Large-scale Google malvertising campaign hits users with exploits

Large-scale Google malvertising campaign hits users with exploits

A Google ad reseller in Bulgaria was potentially compromised

A large number of ads distributed by a Google advertising partner redirected users to Web-based exploits that attempted to install malware on users' computers.

Security researchers from Dutch security firm Fox-IT observed the malvertising campaign Tuesday, when ads coming through a Google partner in Bulgaria called Engage Lab started redirecting users to the Nuclear Exploit Kit.

Exploit kits are Web-based attack platforms that try to exploit vulnerabilities in browsers and browser plug-ins in order to infect users' computers with malware. The Nuclear Exploit Kit specifically targets vulnerabilities in Adobe Flash Player, Oracle Java and Microsoft Silverlight.

"It appears as if all of engagelab.com, its advertisement and zone ID's, are currently redirecting to a domain, which in turn is redirecting to the Nuclear Exploit Kit, indicating a possible compromise at this reseller of Google advertisement services," Fox-IT researcher Maarten van Dantzig said Tuesday in a blog post.

The rogue redirects stopped later in the day, suggesting that either Google or Engage Lab took action.

Google and Engage Lab did not immediately respond to requests for comment.

It's unclear how many websites and users were affected, but according to Dantzig, Fox-IT "detected a relatively large amount of infections and infection attempts from this exploit kit among our customers."

The Fox-IT researchers have yet to identify the specific malware program distributed through the campaign.

Malvertising has been a growing problem for years and despite large advertising networks claiming to have sophisticated defenses in place, attackers still find ways to bypass them.

These attacks are particularly dangerous, because users don't need to visit obscure websites in order to get infected. Once attackers manage to push malicious ads onto a large advertising network, those ads get displayed on popular, generally trusted websites.

A 2014 investigation into malvertising by the U.S Senate concluded that "the online advertising industry has grown in complexity to such an extent that each party can conceivably claim it is not responsible when malware is delivered to a user's computer through an advertisement."

That's because a typical online advertisement goes through five or six intermediaries before being displayed in a user's browser and it can be replaced with a malicious one at any point in that chain. Website owners also have no control over what ads will be displayed on their websites, the U.S. Senate said.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags Fox-ITonline safetyEngage LabGooglesecurityExploits / vulnerabilitiesmalware

Slideshows

Meet the leading HP partners in New Zealand...

Meet the leading HP partners in New Zealand...

HP has recognised its top performing partners in New Zealand at the second annual 2016 HP Partner Awards, held at a glittering bash in Auckland. The HP Partner Awards recognises and celebrates excellence, growth, consistency and engagement of its top partners. This year also saw the addition of several new categories, resulting in 11 companies winning across 11 award categories.

Meet the leading HP partners in New Zealand...
Channel comes together as Ingram Micro Showcase hits Auckland

Channel comes together as Ingram Micro Showcase hits Auckland

Ingram Micro outlined its core focuses for 2017 at Showcase in Auckland, bringing together the channel for a day of engaging keynotes, compelling breakout sessions and new technologies.

Channel comes together as Ingram Micro Showcase hits Auckland
Show Comments