It was first reported in early January that AOL ad distribution networks were serving malware-infected ads on high-profile web sites, such as the Huffington Post. Worse, they apparently had been serving the malicious ads since last October.
Now, a month later, researchers at security firm Cyphort say the attacks are continuing. They have found new infected ads, so-called malvertising, on the Huffington Post, LA Weekly and other web sites. The exposure in this attack is massive, with as many as 1.5 billion internet users at risk.
In this case, the hackers are installing malware called Kovter on targets' computers. It is used to fraudulently generate advertising revenue by generating ad impressions.
Cyphort has warned recently that it is observing a significant increase in malvertising campaigns. Advertising networks review ads for such issues before approving them, but it is possible for the hackers to keep their malicious payloads hidden and activate them only after approval or only for intermittent users.
To guard against infecting customers, web sites need to scan all files for infections on a continuous basis, not just periodically for compliance purposes.
The attackers are exploiting vulnerabilities in Flash to plant their malware. Flash has been plagued with numerous zero-day vulnerabilities, including several in just the last month. Such weaknesses are not previously known to security vendors.
From the user’s standpoint, Comodo Internet Security provides the best protection against zero-day viruses. Its unique Default Deny architecture with Auto-Sandboxing ensures that even zero-day threats can do no harm. Such unknown threats will only be run in a secure sandbox area, isolated from your system and files.