Flash Exploit Kit Hits Again Via Google’s DoubleClick


Researchers at the security firm Malwarebytes have found that cyber criminals are using an advertising network called Merchenta to carry out malvertising attacks.

Merchenta is an advertising network with direct ties to Google’s DoubleClick that provides a platform for ad exchange and direct integrations with top publishers.

Attack Scenario

The attacker infiltrates the platform via a third party and then places a malicious advert directly on Merchenta's ad platform.

Jerome Segura, senior security researcher at Malwarebytes Labs, wrote in a blog post, "The DoubleClick is not directly responsible for loading the malicious ad, it starts the chain of trust with the publisher, which unfortunately has little control over the subsequent transactions taking place."

Malwarebytes contacted Merchenta and received a quick response. They said that the account used belonged to Bidable[dot]com (another real-time bidding company) and that it was one of their clients that was fraudulent.

"Most exploit kits are made of three components: a landing page, exploits, and a payload. Flash EK builds advertising and exploit into one unique package (no landing page necessary) and is very stealth or ‘well filtered’ because it can leverage ad networks' ability to filter out non-genuine traffic. Well filtered meaning to weed out security researcher's honeypots," Segura says.

Bypassing Security Checks

The crooks pose as working for a Fortune 500 company and submit a clean advert. The ad network is very interested because that would be a big customer, so it makes sure to accommodate the client as much as it can.

The advert still goes through quality assurance and security tests before finally getting ready for prime time. Right before that happens, the crooks send a malicious version of the ad (with only a minor change, they claim) and the ad network, not wanting to lose a client, skips the checks that were already done.
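One way an ad network could close the gap described above, shown as an added example that is not code from Malwarebytes or Merchenta: bind each approval to a SHA-256 digest of the reviewed creative, so a resubmitted file cannot inherit the earlier sign-off. The class, method and campaign names and the sample byte strings are assumptions constructed for illustration.

```python
import hashlib


class CreativeReview:
    """Ties each QA/security approval to the exact bytes that were reviewed."""

    def __init__(self):
        self._approved = {}  # campaign id -> digest of the creative that passed review
        self._pending = {}   # campaign id -> digest of a resubmission awaiting review

    @staticmethod
    def digest(creative: bytes) -> str:
        return hashlib.sha256(creative).hexdigest()

    def approve(self, campaign_id: str, creative: bytes) -> str:
        """Call only after QA and security scanning passed for these exact bytes."""
        d = self.digest(creative)
        self._approved[campaign_id] = d
        self._pending.pop(campaign_id, None)
        return d

    def resubmit(self, campaign_id: str, creative: bytes) -> str:
        """Advertiser sends an update; the claimed size of the change is ignored."""
        d = self.digest(creative)
        if self._approved.get(campaign_id) == d:
            return "unchanged"
        # Any byte-level difference goes back through the full review queue.
        self._pending[campaign_id] = d
        return "needs_review"

    def may_serve(self, campaign_id: str, creative: bytes) -> bool:
        """Serving gate: only bytes whose digest matches the approval go live."""
        approved = self._approved.get(campaign_id)
        return approved is not None and approved == self.digest(creative)


def demo():
    # Constructed sample creatives; hypothetical campaign id.
    clean = b"constructed sample creative, version reviewed by QA"
    swapped = clean + b" (minor change)"
    review = CreativeReview()
    review.approve("campaign-001", clean)
    return (
        review.may_serve("campaign-001", clean),
        review.resubmit("campaign-001", swapped),
        review.may_serve("campaign-001", swapped),
        review.may_serve("campaign-001", clean),
    )
```

The swapped file is only served once `approve` is called again for its own bytes, which is the point where the repeated security checks belong.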

How To Protect Yourself?

Download and install Malwarebytes Anti-Exploit.
