Incident reported on 22 October 2014. Cite: http://www.proofpoint.com/threatinsight/posts/malware-in-ad-networks-infects-visitors-and-jeopardizes-brands.php “Without having to click on anything, visitors to the impacted websites may be stealthily infected with the CryptoWall 2.0 ransomware. Using Adobe Flash, the malvertisements silently “pull in” malicious exploits from the FlashPack Exploit Kit. The exploits attack a vulnerability in the end-users’ browser and install CryptoWall 2.0 […]
https://support.google.com/accounts/answer/6103523 “If you use 2-Step Verification, you can choose Security Key as your primary method, instead of having verification codes sent to your phone. With Security Key, there’s no looking at codes and re-typing―you simply insert your Security Key into your computer’s USB port when asked.” Yes, you have to make sure you don’t lose […]
A New York based tech support scam business made $2,500,000 in the past two-and-a-half years. Is it any wonder those ‘your computer is infected’ phone calls are increasing? The company in question also purchased deceptive ads online that led consumers to believe they were calling the technical support line for legitimate companies. The defendants are Pairsys, Inc., […]
http://arstechnica.com/security/2014/09/advertising-firms-struggle-to-kill-malvertisements/ Take particular note of the fact that only every 3rd to 100th ad was bad, making it very hard to catch the bad guys in the act. Also, this wasn’t a matter of a failure of due diligence when choosing to allow onto network. According to the report, one of the online tools that Zedo provides […]
Gotta laugh at the irony: captured thanks to CAPTCHA. http://securitywatch.pcmag.com/security/327646-the-dread-pirate-roberts-s-fatal-mistake
Yep, it’s happened again – details here: https://blog.malwarebytes.org/malvertising-2/2014/09/googles-doubleclick-ad-network-abused-once-again-in-malvertising-attacks/ The days where people could say “only visit reputable sites and you’ll be safe” are well and truly gone.