Following the report from Proofpoint announcing their discovery and analysis of massive malvertising network AdGholas, operating since 2015 (which was pulling in as many as 1 million client machines per day), Thomas Pore Director of IT at Plixer commented below on why advertising is an ‘excellent’ method for hackers, how it worked and what users can do to avoid it.
Thomas Pore, Director of IT at Plixer:
“The detection and analysis of AdGholas shows how creative, resilient, and money hungry cyber criminals are. Advertising is an excellent way to get content in front of a large audience quickly and by using advertising to redirect to a malicious site, users do not need to click anything.
“The process at which AdGholas was implemented, while detected, continued for so long because of how redirection was being executed. It’s hard to stop something if you don’t know how it works. After months of tracking and investigation it was determined that the process was executed using steganography. Once the use of steganography was detected, the campaign was stopped. I don’t suspect it will be too long before another innovative process is used.
“Users need to remember, that even though a redirect was occurring to a malicious site, exploit kits such as Angler and Neutrino were being used. These exploit kits take advantage of vulnerable software installed locally, such as Flash of Internet Explorer. The filter taking place in this campaign suggests that general PC users were the targets. Users can protect themselves by regularly performing security patching of installed software.”