MSN Norway serving Flash exploits through malvertising

MSN Norway serving Flash exploits through malvertising

Summary: Morten Krakvik from the Norwegian Honeynet Project is reporting that MSN Norway is among the latest victims of malvertising, a practice where a bogus advertising provider tricks leading portals into accepting advertisements from its network, which often end up redirecting to live exploit URLs.

SHARE:
TOPICS: Browser
1

Morten Krakvik from the Norwegian Honeynet Project is reporting that MSN Norway is among the latest victims ofMSN Norway malvertising, a practice where a bogus advertising provider tricks leading portals into accepting advertisements from its network, which often end up redirecting to live exploit URLs. The recent wave of malvertising that also targeted Digg, MSNBC and Newsweek, is very similar to the malvertising campaigns that took place in February which were targeting popular sites as Expedia, Excite, Rhapsody and MySpace. The only thing the malvertisers keep changing are the fake security software domains that they push through their campaigns.

Flash player versions susceptible to exploitation are :

Adobe Flash 9.0.16 Adobe Flash 9.0.28 Adobe Flash 9.0.45 Adobe Flash 9.0.47 Adobe Flash 9.0.115

According to Krakvik's analysis, the malicious ad came from bannersrotator DOT com which is still active, and servingbannersrotator the malicious ad (tunnel28.swf) currently detected by 9 out of 36 antivirus scanners as SWF:CVE-2007-0071, or SWF.Exploit.

Who's to blame anyway? The end users for not bothering to patch their browsers and third-party applications at the first place, the portals for doing business with such obviously rogue advertising providers like bannersrotator DOT com, or the advertising networks sacrificing security for efficiency and not screening the ads and newly joining advertisers like bannersrotator DOT com?

It's the lack of decent situational awareness demonstrated by all parties. For instance, the end user thinking that patching their browser is where it all ends, the portals for not taking advantage of publicly obtainable tools aimed at analyzing malicious flash files, and the advertising networks themselves, for choosing efficiency next to security and helping rogue security software providers have their ads syndicated across legitimate sites.

Topic: Browser

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

1 comment
Log in or register to join the discussion
  • And the average user

    Is left where? Generally, bewildered. Even the original story is at the limits of her/his understanding because of the use of insider terms. "Portal" is mysterious to some people. Got a cure-all for the simpletons?

    --Glenn
    P.S. I'm not a newbie. I also don't feel in the least secure. A new file type appears every 6.5 seconds, is it?
    oregonnerd13