September 17, 2014
A malware campaign that began in May 2014 is delivering customized concoctions of spyware, adware, and browser-hijacking malware to PC and Mac users. The “malvertising” network (a merging of the words “malware” and “advertising”), which has been dubbed Kyle and Stan, has 700 domains.
Getting a malicious ad into an advertising network's distribution, even for a short time, can infect many computers, especially if the ad appears on a popular site like Amazon or YouTube. The combination of malware downloaded to each machine is different, which means the checksum varies from one machine to the next, thwarting checksum-based detection.
Malvertising attacks are not new; they have been around for a few years. Generally, criminals use ads on popular sites or networks, such as Spotify or Facebook, to spread malware. They place an ad with the network, then change the code in the ad to exploit flaws in the browser, which allows them to inject malware onto the user’s computer.
To protect yourself against these attacks, run malware detection software (Sophos is distributed for free for MIT users) and make sure your browser is up to date with the latest security patches. Another option is to filter sites based on their potential threat level. Browser plug-ins such as AdBlock and Webutation can block ads and warn users if they have accessed a site that is known to host malware. These plug-ins are free and can be run on different types of browsers.