GeoEdge on Twitter
GeoEdge on Linkedin

© Copyright 2016 GeoEdge Ltd.  |  All rights reserved  |  Privacy Policy  |  Terms of Service

GeoEdge on Twitter

Operation Fingerprint: A Look into Several Angler Exploit Kit Malvertising / Malicious Ad Campaigns

Malicious advertising, also known as malvertising, has become the best method to distribute malware on a global scale with surgical precision. Simply put, malvertising is a means to expose innocent users visiting legitimate websites to malware via a rogue advert.

 

 

Leveraging the extensive user profiling available to advertisers, cybercriminals are able to target their victims like never before in attacks that are both cost effective and difficult to pinpoint.

One of the newest techniques being used is fingerprinting, a way to check potential victims’ computers with snippets of code injected directly into the ad banner. This code can quickly rule out non-viable targets, such as honeypots set up by malware researchers or security companies performing ad check validation. Fingerprinting joins a growing arsenal of tactics developed by cybercriminals to avoid discovery by security researchers.

 

This research provides a unique insight into malvertisers’ thought processes, showing how they remain one step ahead while the ad industry tries to avoid playing Whack-a-Mole.

 

Highlights:

  • Hundreds of goo.gl URLs used in malicious redirections

  • Over 100 fake advertiser domains

  • Dozens of ad networks abused, including top ones

  • Use of SSL to encrypt ad call URL and content

  • Targeted towards genuine residential IP addresses only

  • Booby-trapped GIF images hiding code with on-the-fly encoding

  • Fake advertiser profiles and deceiving websites

  • 42% of infections happened in the U.S.

  • Cost: only 19 cents for each 1000 impressions (CPM)

 
Download the whitepaper

 

This research is a result of the combined efforts of Malwarebytes and GeoEdge. We focused on attacks that took place throughout 2015 and led to the distribution of malware via the Angler exploit kit.

 

 

Please reload

Please reload

Browse Posts By Tags
Popular Posts
Please reload