Check Point reports that it has discovered an operation that delivers such ads to millions of users.
At first sight it all seems legitimate: a page sells its traffic to an ad bidding platform, the traffic gets sold to the highest-bidding advertiser, and then an advertisement appears on the page. There are a couple of problems though:
According to Check Point the whole operation is rather well planned out and conducted professionally – and apparently is still live.
It all started with more than 10,000 compromised pages, which were using WordPress 4.7.1, an old version of the ever-popular CMS that sports a Remote Code Execution vulnerability. All of those sites were and probably still are redirecting their traffic to a page that belongs to the mastermind of the operation dubbed “Master134”.
With the huge amount of traffic on the page, and masquerading as a publisher, Master134 goes to the AdsTerra Ad-Network, which will sell the space available on the page to the highest bidders and/or resellers. Incidentally, all of the Master134 ad lots are bought soon after by malware distributors posing as advertisers.
The ads now displayed on Master134’s page are malicious, and users visiting (or rather being redirected to) the site are in danger of falling prey to the malvertisement targeted at them.
There are a couple of things that can be done in order to keep safe from malvertisement:
Keep your software up to date – Malvertisement often uses exploits in unpatched software like Flash to gain a foothold on the victims’ computers. Downloading and installing the latest available version of your programs is, therefore, a must. If you feel like that’s too much to handle, get help in the form of a Software Updater which does the work for you.
Use an adblocker – Adblockers are very useful when it comes to staying safe online. While they are understandably an issue for publishers and other people making an income with ad revenue they certainly also make sure that you can stay safe from malvertisement.
Install an antivirus – If push comes to shove, an antivirus would be your last line of defense before the infection. They make sure you stay safe from trojans, viruses, ransomware, and more.