September 22, 2014 by

How Google’s DoubleClick Ads Infected Millions with Malware

It’s no secret that malware is getting increasingly more sophisticated. The most recent example was identified by Microsoft and carries the name Zemot. A recent report by Malwarebytes suggests that the cyber criminals behind Zemot are using a number of popular websites to spread their malware, including and The Times of Israel. The malware was distributed via Google’s DoubleClick service, along with Zedo advertising agency – both of which have a very broad reach.

“It was active but not too visible for a number of weeks until we started seeing popular sites getting flagged in our honeypots,” wrote Jerome Segura, a senior security researcher at Malwarebytes. “That’s when we thought, something is going on.”

The malicious ads work by using the Nuclear exploit, which looks for an unpatched version of the Internet Explorer or an Adobe Flash Player running on the victim’s computer. The ads then download the Zemot malware, which in turn downloads a variety of additional malicious applications. The malware mainly targets Windows XP users (although not exclusively), and computers with an outdated antivirus software.

A plan of attack for the malicious ads;
A plan of attack for the malicious ads.

Google confirmed the breach and have disabled the affected servers that were redirecting the malicious code. The ads themselves have been disabled as well.


About the author

Image of Author

LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.

Related articles

Here are the 10 Most Malware Infected States in the Country

A new report has canvassed more than 1.5 million malware infections in the United States to reveal...

Read more arrow_forward

The Growing Insider Threat

A security threat originating from within the organization which is targeted or attacked is an...

Read more arrow_forward

Microsoft Patches Windows XP to Protect Against Nation-State Attacks

After Microsoft took the unprecedented step of releasing patches for Windows XP following last...

Read more arrow_forward

If you have any further questions, please don't hesitate to contact us.