Malware spread via Google, Microsoft ad network
A number of online ad networks – including the two largest, Google’s DoubleClick and Microsoft’s Media Network – have been found unknowingly spreading malware via compromised ads provided by a malicious “company” impersonating the legitimate ad serving and marketing firm AdShuffle.
A simple visit to various sites – among them the high-profile realestate.msn.com, msnbc.com, mail.live.com, and many others – triggered the malicious JavaScript served from ADShufffle.com (three f’s), which started the drive-by download.
Taking advantage of a variety of IE, Adobe Reader, Java, and other PC software bugs, the attackers have managed to install backdoors that allow them to access the compromised computers, as well as HDD Plus, a fake system optimization tool that makes it seem like the system is failing and asks the users to purchase a license in order to make things right.
It took a while for security firm Armorize to discover how the malware was spread, and as soon as they did, they informed the ad networks.
There are a variety of reasons why the scam wasn’t detected sooner, but among them is the fact that the exploits themselves had been successfully obfuscated and that the detection rate by antivirus solutions was exceptionally low.
The good news is that these bugs are known and have already been patched, so users who kept their software and antivirus solutions updated were not at risk.