September 22, 2014

How Google’s DoubleClick Ads Infected Millions with Malware

It’s no secret that malware is getting increasingly sophisticated. The most recent example was identified by Microsoft and carries the name Zemot. A recent report by Malwarebytes suggests that the cyber criminals behind Zemot are using a number of popular websites to spread their malware, including Last.fm and The Times of Israel. The malware was distributed via Google’s DoubleClick service, along with the Zedo advertising agency – both of which have a very broad reach.

“It was active but not too visible for a number of weeks until we started seeing popular sites getting flagged in our honeypots,” wrote Jerome Segura, a senior security researcher at Malwarebytes. “That’s when we thought, something is going on.”

The malicious ads work by using the Nuclear exploit, which looks for an unpatched version of Internet Explorer or Adobe Flash Player running on the victim’s computer. The ads then download the Zemot malware, which in turn downloads a variety of additional malicious applications. The malware mainly targets Windows XP users (although not exclusively) and computers with outdated antivirus software.

A plan of attack for the malicious ads.

Google confirmed the breach and has disabled the affected servers that were redirecting the malicious code. The ads themselves have been disabled as well.

About the author

LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.
