Hackers use DoubleClick & Zedo ad networks to spread malware
Criminals use ads to get victims to install Zemot malware
Hackers have harnessed the power of two advertising networks, Google's DoubleClick and Zedo, to run ads that install malware on users' computers.
According to IT security firm Malwarebytes, the Times of Israel, The Jerusalem Post and Last.fm have all been exploited by cybercriminals with malvertising.
Jerome Segura, a senior security researcher with Malwarebytes, said in a blog post his company "rarely see attacks on a large scale like this".
While ad networks work hard to ensure they filter out malware, the occasional piece will slip through the net, meaning on a high-traffic website, malware can spread to a large number of victims. It also means the site serving up the malware is often doing so unknowingly.
Segura said the ads lead users to sites containing an exploit kit known as "Nuclear".
The malware checks whether a vulnerable version of Adobe Flash or an unpatched version of Internet Explorer is running. If one is found, it downloads the Zemot malware, which connects to a remote server and downloads a raft of other malicious applications.
The Zemot malware was identified by Microsoft earlier this month. According to Microsoft, Zemot is usually distributed not only by the Nuclear exploit kit but also by the Magnitude exploit kit and spambot malware Kuluoz.
"What is important to remember is that legitimate websites entangled in this malvertising chain are not infected. The problem comes from the ad network agency itself," said Segura.
Segura warned users to keep their systems up to date, with current antivirus and anti-malware protection. The firm has also warned the websites about inadvertently serving up malware in advertising.
Earlier this month, Kyle and Stan malvertising showed up on hundreds of websites including Amazon, YouTube and Yahoo.
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives.