Malware discovered in online ads on popular sites

Malware discovered in online ads on popular sites

Eset has warned that online ads are delivering images containing malware that runs without user intervention.

More malware has been found hiding in seemingly innocuous images, but this time in what security vendor Eset describes as ‘malvertising campaigns’ on popular websites.

Where the Imagegate malware reported last month relies on users opening files that had been automatically downloaded onto their computers, the Stegano exploit kit allows the bad guys to create images that contain malicious code that is executed by vulnerable versions of Flash within Internet Explorer.

These images have been delivered by placing them in advertisements displayed by “major domains, including news websites with millions of daily visitors,” according to security vendor Eset.

The code contained in the images has the job of downloading whatever malware the criminals have selected. Eset has seen examples of banking Trojans, backdoors and spyware, but ransomware could just as easily be installed this way.

Eset has published a detailed explanation of how Stegano works.

“The Stegano exploit kit once again reinforces the necessity of keeping your operating system and application software fully patched and as up-to-date as possible,” said Eset senior research fellow Nick FitzGerald.

“Aside from only targeting systems using specific web browsers and outdated Flash versions, Stegano expends extensive effort to avoid running on typical security researcher computers, whether virtual, sandbox or a standard 'infectible' machine. This is all part of its plan to avoid initial detection and complicate ongoing monitoring and research, thereby increasing the profit for the cybercriminals behind this exploit kit.

“As Australian web visitors have been specifically targeted in recent Stegano malvertising campaigns, Australian internet users who are unsure of the automatic patching of their systems should check they have all the latest security patches installed and that their security software is properly updated and configured. Users of security solutions other than Eset’s might wish to get a second opinion from the Eset Online Scanner.”

Source: Copyright © BIT (Business IT). All rights reserved.

See more about:  eset  |  malware  |  security
 
 

Readers of this article also read...

The best-value tablets of 2017 

The best-value tablets of 2017

 
Five ways to use tech to your advantage in 2017 

Five ways to use tech to your advantage in 2017

 
Seven top Xero add-ons 

Seven top Xero add-ons

 
Three tips on how to work with your accountant 

Three tips on how to work with your accountant

 
Square's $59 contactless and chip card reader 

Square's $59 contactless and chip card reader

 
Sign up to the BIT newsletter!
Our newsletter gives you the tech advice you need to make the right decisions for your small and medium business.

Latest Comments

Latest articles on iTnewsLatest iTnews Articles
Netflix open sources user device security check tool
22 Feb 2017
Gives security recommendations instead of heavy-handed policy enforcement.
Verizon lops off $456 million from Yahoo price
22 Feb 2017
Will share some liabilities stemming from hacks and data breaches.
Malware authors camouflage code with Russian terms
21 Feb 2017
Lazarus group thought to be behind attack code.
FBI conducting three probes into Russian election hacking
20 Feb 2017
Five insiders offer up new details.
Spike in Aussie govt insiders misusing email for fraud
20 Feb 2017
Fall in use of other vectors.