September 22, 2014 by

How Google’s DoubleClick Ads Infected Millions with Malware

It’s no secret that malware is getting increasingly more sophisticated. The most recent example was identified by Microsoft and carries the name Zemot. A recent report by Malwarebytes suggests that the cyber criminals behind Zemot are using a number of popular websites to spread their malware, including and The Times of Israel. The malware was distributed via Google’s DoubleClick service, along with Zedo advertising agency – both of which have a very broad reach.

“It was active but not too visible for a number of weeks until we started seeing popular sites getting flagged in our honeypots,” wrote Jerome Segura, a senior security researcher at Malwarebytes. “That’s when we thought, something is going on.”

The malicious ads work by using the Nuclear exploit, which looks for an unpatched version of the Internet Explorer or an Adobe Flash Player running on the victim’s computer. The ads then download the Zemot malware, which in turn downloads a variety of additional malicious applications. The malware mainly targets Windows XP users (although not exclusively), and computers with an outdated antivirus software.

A plan of attack for the malicious ads;
A plan of attack for the malicious ads.

Google confirmed the breach and have disabled the affected servers that were redirecting the malicious code. The ads themselves have been disabled as well.


About the author

Image of Author

LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.

Related articles

Iowa Student Arrested for Changing Grades Using Keylogger Malware

A former student at the University of Iowa has been arrested in his hometown of Denver after using...

Read more arrow_forward

Pizza Hut Suffers Customer Card Breach, Discloses Hack 2 Weeks Later

Pizza chain Pizaa Hut was hacked on October 1st and October 2nd this month with hackers stealing...

Read more arrow_forward

Microsoft’s Secret Bug Database was Hacked in 2013

Technology giant Microsoft never disclosed a major breach of its internal database tracking bugs, a...

Read more arrow_forward