MSN Norway serving Flash exploits through malvertising

Summary:Morten Krakvik from the Norwegian Honeynet Project is reporting that MSN Norway is among the latest victims of malvertising, a practice where a bogus advertising provider tricks leading portals into accepting advertisements from its network, which often end up redirecting to live exploit URLs.

Morten Krakvik from the Norwegian Honeynet Project is reporting that MSN Norway is among the latest victims of

MSN Norway
malvertising, a practice where a bogus advertising provider tricks leading portals into accepting advertisements from its network, which often end up redirecting to live exploit URLs. The recent wave of malvertising that also targeted Digg, MSNBC and Newsweek, is very similar to the malvertising campaigns that took place in February which were targeting popular sites as Expedia, Excite, Rhapsody and MySpace. The only thing the malvertisers keep changing are the fake security software domains that they push through their campaigns.

Flash player versions susceptible to exploitation are :

Adobe Flash 9.0.16 Adobe Flash 9.0.28 Adobe Flash 9.0.45 Adobe Flash 9.0.47 Adobe Flash 9.0.115

According to Krakvik's analysis, the malicious ad came from bannersrotator DOT com which is still active, and serving

bannersrotator
the malicious ad (tunnel28.swf) currently detected by 9 out of 36 antivirus scanners as SWF:CVE-2007-0071, or SWF.Exploit.

Who's to blame anyway? The end users for not bothering to patch their browsers and third-party applications at the first place, the portals for doing business with such obviously rogue advertising providers like bannersrotator DOT com, or the advertising networks sacrificing security for efficiency and not screening the ads and newly joining advertisers like bannersrotator DOT com?

It's the lack of decent situational awareness demonstrated by all parties. For instance, the end user thinking that patching their browser is where it all ends, the portals for not taking advantage of publicly obtainable tools aimed at analyzing malicious flash files, and the advertising networks themselves, for choosing efficiency next to security and helping rogue security software providers have their ads syndicated across legitimate sites.

Topics: Browser

About

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.