
Cryptolocker may be spread via YouTube adverts


40 replies to this topic

#1 Racket_Man


Posted 02 September 2014 - 03:43 AM

I am not sure how reliable this blog is, but this link appeared in a newsletter I occasionally get.

http://blog.knowbe4.com/bid/394864/Cryptolocker-Being-Spread-On-YouTube-Ads

Now, spreading malware via ad-networks in itself is nothing new. We have seen this since 2010 where scare-ware was promoted as "Free Security Scans" remember? The free scan found a host of "problems" and sold you a rip-off bogus AV product.

 

What is new here is this: clicking on a thumbnail (I assume they mean a video type thumbnail or maybe an ad; this is not explained in the article) after the first video caused an exploit kit to kick in, finding a known unpatched vulnerability, and once found, executes ransom-ware code which locks all files and extorts $500. These exploit kits check for hundreds of known holes in no time, and this "ad-network" threat just escalated to a much higher level.

 

 

Here is the Virus Bulletin article

https://www.virusbtn.com/blog/2014/08_15.xml

 

 

IF this is even remotely true, it is scary as heck.


Edited by Racket_Man, 02 September 2014 - 03:49 AM.



 


#2 myrti


Posted 02 September 2014 - 04:14 AM

Hi,

 

unfortunately this has been true for quite some time. Again and again advertisement networks have been infiltrated by malicious ads that will infect you on otherwise clean and reputable sites. This is one reason why many consider an Adblocker as a part of your security tools to prevent malware.

 

Regarding the thumbnail: The VB article does not really make any mention of thumbnails or, really, of there being anything new about this type of attack, and any mention of the thumbnail I find online is a verbatim quote of that blog. I would think this is either a misunderstanding or made up to increase his revenue. He is trying to sell his services on that blog.

 

This doesn't change, however, that it is very concerning that malware can get ad space on sites as large as YouTube, and whether they click a thumbnail of the ad or the ad itself makes little difference in the end.

 

regards

myrti


is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 quietman7


Posted 02 September 2014 - 08:21 PM

...after the first video caused an exploit kit to kick in, finding a known unpatched vulnerability, and once found, executes ransom-ware code which locks all files and extorts $500. These exploit kits check for hundreds of known holes in no time, and this "ad-network" threat just escalated to a much higher level.


Older versions of popular software such as Adobe (Acrobat Reader, Flash Player, Shockwave Player), Java, Windows Media Player, Web Browsers are vulnerable to exploits and should be kept updated. There are serious security issues with older versions which can increase the risk of system infection. Infections spread by malware writers and attackers exploiting unpatched security holes or vulnerabilities in older versions. Software applications are a favored target of malware writers who continue to exploit coding and design vulnerabilities with increasing aggressiveness.
 

The majority of computers get infected from visiting a specially crafted webpage that exploits one or multiple software vulnerabilities. It could be by clicking a link within an email or simply browsing the net, and it happens silently without any user interaction whatsoever.

Web Exploits


Exploit kits are a type of malicious toolkit used to exploit security holes found in software applications...for the purpose of spreading malware. These kits come with pre-written exploit code and target users running insecure or outdated software applications on their computers.

Exploit Kits - Anatomy of an exploit kit
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#4 Crazy Cat


Posted 03 September 2014 - 12:47 AM

RIG Exploit Pack, http://www.kahusecurity.com/2014/rig-exploit-pack/
8×8 Script Leads to Infinity Drive-By, http://www.kahusecurity.com/2014/8x8-script-leads-to-infinity-drive-by/
Wild Wild West 07/2014, http://www.kahusecurity.com/2014/wild-wild-west-072014/

Rig Exploit Kit Used in Recent Website Compromise. http://www.symantec.com/connect/blogs/rig-exploit-kit-used-recent-website-compromise
 

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. ― Albert Einstein ― Insanity is doing the same thing, over and over again, but expecting different results.

 



#5 quietman7


Posted 03 September 2014 - 05:37 AM

Wild Wild West 07/2014, http://www.kahusecurity.com/2014/wild-wild-west-072014/

"Wanted Dead or Alive"...if only Josh Randall was still with us. :wink:

#6 Crazy Cat


Posted 07 September 2014 - 10:10 PM

New attacks with the Angler exploit kit inject code directly in browser processes without leaving files on disk. http://www.computerworld.com/article/2600619/security/hackers-make-drive-by-attacks-stealthier-with-fileless-infections.html and http://malware.dontneedcoffee.com/2014/08/angler-ek-now-capable-of-fileless.html
 



#7 rp88


Posted 16 September 2014 - 11:51 AM

Has anyone confirmed whether this is true yet, and if the ads infect those who click on them or anyone who visits a YouTube page? Considering that even up-to-date browsers can be vulnerable to drive-bys, is there a method to protect yourself? In many ways this makes the advertising network operators criminals themselves for failing to check the ads people want them to serve; if online advertising was legitimate they would check every ad someone asked them to run before allowing it to be shown anywhere on their network.


Edited by rp88, 16 September 2014 - 11:55 AM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#8 quietman7


Posted 16 September 2014 - 04:47 PM

Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. Hackers are also known to exploit Flash vulnerabilities which can lead to malware infection. When visiting a website that hosts an HTML page which requires a Flash script, users may encounter a malicious Flash redirector or malicious script specifically written to exploit a vulnerability in the Flash Interpreter which causes it to execute automatically in order to infect a computer.

Even legitimate web sites and the ads they display can be a source of infection.

Infected websites have been the single biggest threat...Approximately 23,500 infected webpages are discovered every day that's a new one every 3.6 seconds, according to Sophos' recently released July security threat report.

Every 3.6 seconds a website is infected

 

At least one in 10 web pages are booby-trapped with malware...The tricks include hacking into a web server to plant malware, or planting it within third-party widgets or advertising...
About eight out of every 10 Web browsers are vulnerable to attack by exploits...Even worse, about 30% of browser plug-ins are perpetually unpatched...

One in 10 web pages laced with malware

 

...Internet users are 21 times more likely to become infected by visiting a legitimate online shopping site than by visiting a site used for illegal file-sharing...The problem isn't in the sites themselves; it's in the ads...

Mainstream Websites More Likely to Harbor Malware

 

It can be more dangerous to click on an online advertisement than an adult content site these days, Cisco said in its latest version of the yearly security threat report. Popular belief states that security risks increase as the user engages in riskier and shadier behavior online, but that apparently isn't the case, Cisco found in its 2013 Annual Security report,...

Easier to Get Infected With Malware on 'Good Sites' Than on Shady Sites



#9 rp88


Posted 16 September 2014 - 05:15 PM

Why do all these vulnerabilities exist in programs in the first place? Surely the first rule put into a program someone is developing should be "don't let anything happen without user approval", with all other program behaviours built atop that foundation. It's this sort of drive-by stuff that really scares me; even with a perfect antivirus and a fully up-to-date system the virus can get onto one's machine without any action by the user. Just seeing the ads would mean you'd been infected but you wouldn't even know it. Is there any defence from this stuff? I mean, you can put "plugins click to play" but some of this stuff is done without needing plugin involvement. And if you use NoScript to block stuff most sites won't work (YouTube a particularly scary target as its whole purpose is to play videos, some of which still use Flash). Logging into websites, watching videos, even seeing images on some sites, can't be done without various features running, any of which could be used for an attack.



#10 quietman7


Posted 16 September 2014 - 06:10 PM

There is no perfect anti-virus or anti-malware program and even if there were, no amount of security software is going to defend against today's sophisticated malware writers for those who do not practice safe computing.

I can't tell you how many folks ignore (or remain ignorant) of all the warnings in regards to safe computing and still click on links, ads, visit risky sites, download programs from untrusted sites, etc without thinking twice about doing so. It has been proven time and again that the user is a more substantial factor (weakest link) in security than the architecture of the operating system or installed protection software.

Earlier this year, Bromium published “Endpoint Protection: Attitudes and Opinions,” a statistical analysis of more than 300 information security professionals. The results revealed that endpoints are vulnerable, anti-virus is ineffective and end users are a weak link.
End Users Remain Biggest Security Headache as Compromised Endpoints Increase
 

#11 Crazy Cat


Posted 16 September 2014 - 11:02 PM

There is no perfect anti-virus or anti-malware program and even if there were, no amount of security software is going to defend against today's sophisticated malware writers for those who do not practice safe computing.

I can't tell you how many folks ignore (or remain ignorant) of all the warnings in regards to safe computing and still click on links, ads, visit risky sites, download programs from untrusted sites, etc without thinking twice about doing so. It has been proven time and again that the user is a more substantial factor (weakest link) in security than the architecture of the operating system or installed protection software.

Earlier this year, Bromium published Endpoint Protection: Attitudes and Opinions, a statistical analysis of more than 300 information security professionals. The results revealed that endpoints are vulnerable, anti-virus is ineffective and end users are a weak link.

End Users Remain Biggest Security Headache as Compromised Endpoints Increase
And employees, who abuse their work pc.
 



#12 quietman7


Posted 17 September 2014 - 05:57 AM

And employees, who abuse their work pc.

Yea...them too.

#13 rp88


Posted 17 September 2014 - 08:47 AM

"no amount of security software is going to defend against today's sophisticated malware writers for those who do not practice safe computing."

 

The thing is that big sites like YouTube/news sites/Amazon never used to be dangerous just to browse; now, with these ads, doing something that should be a perfectly safe behaviour, like visiting one of them or visiting a page (one with a title and address that looks legit) in a Google search, is just as dangerous as all the really risky places used to be. It seems the only thing that is safe computing any more is a machine that never goes online; that might be alright for a government archive computer, but for 99.999% of users not going online makes a computer almost useless/extremely lacking in what can be done.



#14 quietman7


Posted 17 September 2014 - 11:58 AM

All social networking sites (MySpace, YouTube, Facebook, Twitter, etc) can be a significant security risk which could make your computer susceptible to malware infection. I don't use any of these types of sites nor do I recommend family and friends use them.

#15 rp88


Posted 17 September 2014 - 05:31 PM

Are such social networking sites (forum sites could be described like that!!) risky because of the content they themselves contain and the ads they themselves display, or because a foolish user might click a "bit.ly" or "tinyurl" link that a ""friend"" gave them and follow it to a drive-by?

