Menu
Large-scale Google malvertising campaign hits users with exploits

Large-scale Google malvertising campaign hits users with exploits

A Google ad reseller in Bulgaria was potentially compromised

A large number of ads distributed by a Google advertising partner redirected users to Web-based exploits that attempted to install malware on users' computers.

Security researchers from Dutch security firm Fox-IT observed the malvertising campaign Tuesday, when ads coming through a Google partner in Bulgaria called Engage Lab started redirecting users to the Nuclear Exploit Kit.

Exploit kits are Web-based attack platforms that try to exploit vulnerabilities in browsers and browser plug-ins in order to infect users' computers with malware. The Nuclear Exploit Kit specifically targets vulnerabilities in Adobe Flash Player, Oracle Java and Microsoft Silverlight.

"It appears as if all of engagelab.com, its advertisement and zone ID's, are currently redirecting to a domain, which in turn is redirecting to the Nuclear Exploit Kit, indicating a possible compromise at this reseller of Google advertisement services," Fox-IT researcher Maarten van Dantzig said Tuesday in a blog post.

The rogue redirects stopped later in the day, suggesting that either Google or Engage Lab took action.

Google and Engage Lab did not immediately respond to requests for comment.

It's unclear how many websites and users were affected, but according to Dantzig, Fox-IT "detected a relatively large amount of infections and infection attempts from this exploit kit among our customers."

The Fox-IT researchers have yet to identify the specific malware program distributed through the campaign.

Malvertising has been a growing problem for years and despite large advertising networks claiming to have sophisticated defenses in place, attackers still find ways to bypass them.

These attacks are particularly dangerous, because users don't need to visit obscure websites in order to get infected. Once attackers manage to push malicious ads onto a large advertising network, those ads get displayed on popular, generally trusted websites.

A 2014 investigation into malvertising by the U.S Senate concluded that "the online advertising industry has grown in complexity to such an extent that each party can conceivably claim it is not responsible when malware is delivered to a user's computer through an advertisement."

That's because a typical online advertisement goes through five or six intermediaries before being displayed in a user's browser and it can be replaced with a malicious one at any point in that chain. Website owners also have no control over what ads will be displayed on their websites, the U.S. Senate said.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags Fox-ITonline safetyEngage LabGooglesecurityExploits / vulnerabilitiesmalware

Featured

Slideshows

Kiwi channel comes together for another round of After Hours

Kiwi channel comes together for another round of After Hours

The channel came together for another round of After Hours, with a bumper crowd of distributors, vendors and partners descending on The Jefferson in Auckland. Photos by Maria Stefina.​

Kiwi channel comes together for another round of After Hours
Consegna comes to town with AWS cloud offerings launch in Auckland

Consegna comes to town with AWS cloud offerings launch in Auckland

Emerging start-up Consegna has officially launched its cloud offerings in the New Zealand market, through a kick-off event held at Seafarers Building in Auckland.​ Founded in June 2016, the Auckland-based business is backed by AWS and supported by a global team of cloud specialists, leveraging global managed services partnerships with Rackspace locally.

Consegna comes to town with AWS cloud offerings launch in Auckland
Veritas honours top performing trans-Tasman partners

Veritas honours top performing trans-Tasman partners

Veritas honoured its top performing partners across the channel in Australia and New Zealand, recognising innovation and excellence on both sides of the Tasman. Revealed under the Vivid lights in Sydney, Intalock claimed the coveted Partner of the Year 2017 (Pacific) award, with Data#3 acknowledged for 12 months of strong growth across the market. Meanwhile, Datacom took home the New Zealand honours, with Global Storage and Insentra winning service provider and consulting awards respectively. Dicker Data was recognised as the standout distributor of the year, while Hitachi Data Systems claimed the alliance partner award. Photos by Bob Seary.

Veritas honours top performing trans-Tasman partners
Show Comments