Author Topic: Alert: Massive Web Ad Poisoning  (Read 1744 times)

Online CMDL_GUY

  • Administrator
  • Location: Mt. Sidney Virginia
  • Posts: 8183
    • www.lscg.net
Alert: Massive Web Ad Poisoning
« on: August 24, 2015, 04:55:25 PM »
Alert: Massive Web Ad Poisoning

By Stu Sjouwerman, for KnowBe4.com Security Awareness Training

The same cybercrime lowlifes that infected the Yahoo website a few weeks ago have struck again, this time infecting sites like Drudge Report and Weather.com. Both sites have hundreds of millions of visitors per month, and were serving poisoned web ads which either dropped CryptoWall ransomware or infected the PC with adware.

Internet users at the house, or employees who browse the web during their lunch break, do not understand the mechanics of modern ad networks. Once an ad network is subverted, hundreds of millions of poisoned ads are displayed in real-time. Many of these ads initiate a drive-by attack without the user having to do anything. The attack does a few redirects, kicks in a U.S. and Canada-focused Exploit Kit which checks for vulnerabilities (usually in Flash) and infects the workstation literally in seconds.

What To Do About It

This is a hard one to defend against, because they hide behind an SSL to Microsoft’s Azure Cloud which makes it difficult to detect, but there are definitely things you can do. First of all, I would send this to your users.

 Feel free to copy/paste/edit:
"Government is not reason; it is not eloquent; it is force. Like fire, it is a dangerous servant and a fearful master." - George Washington

“Remember democracy never lasts long. It soon wastes, exhausts, and murders itself. There never was a democracy yet, that did not commit suicide.”   -John Adams

K4LRM

www.lscg.net

Faster horses, younger women, older whiskey, more money.

Online Keighlar

  • Moderator
  • Location: New Hampshire
  • Posts: 1605
Re: Alert: Massive Web Ad Poisoning
« Reply #1 on: August 24, 2015, 05:36:56 PM »
Thank goodness for Ad Block Plus!
“You know you’re in love when you can’t fall asleep because reality is finally better than your dreams.”
Dr Seuss

Online CMDL_GUY

  • Administrator
  • Location: Mt. Sidney Virginia
  • Posts: 8183
    • www.lscg.net
Re: Alert: Massive Web Ad Poisoning
« Reply #2 on: August 24, 2015, 05:42:33 PM »
Stacey, is this what you are using?

https://adblockplus.org/

Online telemarv

  • Moderator
  • Location: Ottawa ON Canada
  • Posts: 1459
Re: Alert: Massive Web Ad Poisoning
« Reply #3 on: August 24, 2015, 08:02:47 PM »
Stacey, is this what you are using?

https://adblockplus.org/

Me too, works great!
Marv CCNA


If people had more manners... we'd need fewer laws.

Online Keighlar

  • Moderator
  • Location: New Hampshire
  • Posts: 1605
Re: Alert: Massive Web Ad Poisoning
« Reply #4 on: August 24, 2015, 09:02:47 PM »
Stacey, is this what you are using?

https://adblockplus.org/

That's it.  There's an iteration for every browser. Just make sure to install it for all of them you use.

Offline tonyburkhart

  • Moderator
  • Location: Reynoldsburg Ohio USA
  • Posts: 1022
    • www.teamburkhart.com
Re: Alert: Massive Web Ad Poisoning
« Reply #5 on: August 25, 2015, 03:59:53 AM »
AdBlockPlus is a perfect band-aid for this. The true problem lies in poorly developed software, like that turd of a software package known as Adobe Flash. It is the worst designed software, and has always been plagued with security holes. They designed it wrong, from the ground up, and it needs to be done away with. There are many other (way more secure) options out there.

Good reading related to it: http://www.ic3.gov/media/2015/150623.aspx

Thanks for the article, it's always good to bring things like this to end users' attention. Empowerment, via education!
Thanks,
Tony Burkhart
Team Burkhart
www.teamburkhart.com