SecurityWeek

Forbes Hit by Malvertising Campaign: FireEye

Forbes.com visitors might have had their computers infected with malware earlier this month as a result of a malvertising campaign launched through a third-party advertising service, FireEye reported on Tuesday.

According to the security firm, users who accessed certain articles on Forbes.com between September 8 and September 15 might have been taken to a landing page for the Neutrino and Angler exploit kits.

These landing pages were set up to exploit vulnerabilities in popular software, such as Flash Player and Internet Explorer, in order to push malware onto victims’ devices.

The attackers abused the services of an advertising network and relied on real-time bidding to ensure that their malicious ads would be displayed. Forbes took steps to address the issue after being notified by FireEye, but Forbes.com visitors had been exposed to malicious advertisements for an entire week.

The use of both Angler and Neutrino in the same attack is not unheard of. The SANS Institute’s Internet Storm Center reported last month that cybercriminals had temporarily switched from using Angler to Neutrino.

Angler is currently considered the best exploit kit since its developers are highly skilled when it comes to adding support for recently patched and even zero-day vulnerabilities. However, cybercriminals seem to be experimenting with other exploit kits as well.

“Malvertising continues to be an attack vector of choice for criminals making use of exploit kits. By abusing ad platforms – particularly ad platforms that enable Real Time Bidding – attackers can selectively target where the malicious content gets displayed,” FireEye said. “When these ads are served by mainstream websites, the potential for mass infection increases significantly, leaving users and enterprises at risk.”

This wasn’t the first time Forbes was hit by a malvertising attack. The business magazine’s website was also targeted by sophisticated threat actors who abused Forbes.com in a cyber espionage campaign aimed at U.S. defense contractors, financial services firms and Chinese dissident groups.

Last week, Malwarebytes reported spotting a major malvertising campaign that went almost undetected for three weeks. The attackers had tricked major advertising networks into accepting their ads by posing as legitimate companies. The attack affected high-traffic websites such as eBay, Drudge Report, Answers.com, eHow Espanol, TalkTalk, News Now, and Manta.

Malwarebytes revealed on Tuesday that the same attackers had also managed to push their malicious ads on Realtor.com, a real estate website with 28 million monthly visits.

“Rogue advertisers are putting a lot of efforts into making ad banners that look legitimate and actually promote real products or services,” Malwarebytes said. “We should also note that the use of SSL to encrypt web traffic is getting more and more common in the fraudulent ad business and that only makes tracking bad actors more difficult.”

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
