Malicious ads distributed 'on a large scale' by Zedo, Google's DoubleClick ad networks
Two online advertising networks, Google’s DoubleClick and Zedo, have been delivering malicious advertisements that could install malware on a person’s computer, according to the security vendor Malwarebytes.
The Times of Israel, The Jerusalem Post and the Last.fm music services were among the websites serving the malicious advertisements, wrote Jerome Segura, a senior security researcher with Malwarebytes, in a blog post.
“We rarely see attacks on a large scale like this,” he wrote.
Although ad networks try to filter out malicious ones, occasionally bad ones slip in, which on a high-traffic site means a large pool of potential victims. Websites that serve the ads are usually unaware of the problem.
“What is important to remember is that legitimate websites entangled in this malvertising chain are not infected,” Segura wrote. “The problem comes from the ad network agency itself.”
DoubleClick and Zedo officials couldn’t immediately be reached for comment.
Segura wrote that the ads direct victims to sites hosting the “Nuclear” exploit kit, which attempts to see if a computer is running vulnerable versions of Adobe Systems’ Flash program or Internet Explorer, among others.
A successful attack will install the ”Zemot” malware, which can connect to a remote server and download other malicious applications.
Segura wrote that Malwarebytes is still investigating, but that the company had warned The Times of Israel.