Security

Malvertisers slam Forbes, Realtor with world's worst exploit kits

Attackers back after month-long major web conquest

Malvertisers have hit prominent websites Forbes and Realtor.com, redirecting victims to two of the world's worst exploit kits.

FireEye threat bods J. Gomez and Genwei Jiang reported eight Forbes URLs attached to news stories from 2012 and 2015, in one of the attacks.

Those pages bounced readers to a HTML file and onwards to either the Neutrino and Angler exploit kits which typically exploit nearly 40 percent of victims who encounter it.

The kits exploit Flash, Java, Silverlight and various browser vulnerabilities, with authors often finding or quickly incorporating zero day flaws.

"Malvertising continues to be an attack vector of choice for criminals making use of exploit kits," the pair say.

"By abusing ad platforms – particularly ad platforms that enable real time bidding – attackers can selectively target where the malicious content gets displayed."

Malwarebytes malvertising guru Jerome Segura reported the attack on Realtor.com which pulls in an estimated 28 million visitors a month.

Feature: Malware menaces poison ads as Google, Yahoo! look away.

The attackers in typical fashion bounced visitors who encountered the ads to the Angler exploit kit. They were able to get the ads on the website through real time bidding networks that fail to check the security integrity of creative.

Segura says the attackers were also responsible for a three-week long large malvertising attack last week which affected big ticket websites including eBay UK, the Druge Report, and Answers.com.

Malvertising is rampant; criminals are continually exploiting lax security checks of advertising and real time bidding networks to get their malicious code hosted on some of the world's biggest websites.

Advertising mechanisms are a soft attack vector in what could otherwise be typically tougher website defences. Websites rely on advertisers for cash flow and therefore are permitting advertiser network code to run on their sites.

This places websites at the mercy of ad networks which appear largely unwilling to fully clamp down on the security shortfalls. ®

Sponsored: HPC in the cloud: A solution for varied computing needs