More than 50 million people per month could be at risk of a mass-scale ‘malvertising’ cyber-attack that turns computers into Zombies, according to researchers at Raytheon|Websense. The attack routes through advertising platforms to target popular websites, with researchers noting breaches on Bejewelled Blitz on Facebook, CNN Indonesia, the official websites of Prague Airport and RTL Television Croatia, as well as Detik and AASTOCKS.
The Websense Labs team discovered the attack utilises open advertising platform OpenX, which sees up to 100 billion impressions per month, to compromise and inject malicious code which is spread to multiple websites. The injected code leads to a redirect which has been seen to lead to the highly prevalent Angler Exploit Kit, which exploited the latest Adobe Flash Player vulnerability (CVE-2015-3090), distributed CryptoWall 3.0, Bedep and Necurs, as well as a Trojan known as ‘Bunitu.’
The Bunitu malware dropped by Angler ‘Zombifies’ computers, by causing infected machines to act as a proxy. This enables it to be used for subsequent malicious activity and allows cybercriminals to hide behind legitimate users’ machines to avoid detection by the authorities.
Carl Leonard, principal security analyst at Raytheon|Websense, said: “Advertising networks are an increasingly popular focus for cybercriminals, as they open up avenues to infect millions of users with minimal effort. The growing nature of evasion, stealth and variation employed in the malicious code means that it’s more important now than ever to deploy a security solution capable of stopping threats at multiple points in the kill chain.”