Beware Malvertising using SSL

A new malvertising campaign attack, appearing to come from various countries, including Vietnam, Turkey, Japan, Saudi Arabia and Germany, has cranked up affecting several popular international websites .

What makes this attack unique is the use of multiple SSL directors which encrypt the traffic and make the redirection harder to follow.

According to Cyphort Labs, both AOL advertising and Microsoft cloud Azure were involved in the redirects. Popular websites infected in this campaign include readms.com – a Japanese Manga comics site, visited by 280,000 people monthly, and bisnis.com, a daily newspaper published in Jakarta, Indonesia, which primarily covers financial and business news and is visited by 4.7 million people monthly. Also, Phununet.com, the 36th most popular site in Vietnam, was affected; it is the first social network for women in Vietnam, developed, by Vietnam Online Group.

It appears related to the “Malvertising Gone Wild” campaign covered by Invincea, the firm said. In June, Invincea found that the prevalence of malvertising attempts hit a record high. Also, it found that the types of sites that delivered malware were also ones that had proportionately more visitors than other sites on the Internet.

“These malvertising campaigns were perpetrated by multiple groups of cyber criminals, delivering several variants of botnets, ransomware and click-fraud bots,” Invincea noted. “Most of the malware delivered were never seen before by AV vendors, according to VirusTotal.”

Notably, several highly popular websites delivered Adobe Flash-based malicious ads that infected victims. As usual, publishers of these websites are largely unaware that their websites were being used by malicious advertisers to drop malware on their visitors, and most have no control over this because of advertising syndication.