News Articles

Malvertising campaign tied to legitimate online ad companies.

Source: Tech Target, 31/07/2018


A new report from Check Point Research uncovers an extensive
malvertising campaign known as "Master134" and implicates several
online advertising companies in the scheme.

Check Point Research uncovered an extensive malvertising campaign that
has ties to legitimate online advertising companies.

Check Point's report, titled "A Advertising Campaign of Secrets and
Lies," detailed how a threat actor group used more than 10,000
compromised WordPress sites and multiple exploit kits to spread a
variety of malware, including ransomware and banking Trojans. The
group, which Check Point refers to as "Master134," was responsible for
a "well-planned" malvertising campaign that involved several online
advertisement publishers, resellers and networks, including a company
known as AdsTerra that Check Point claims was "powering the whole
process."

The technical aspects of the Master134 campaign aren't novel, according
to Check Point. The threat actors used unpatched WordPress sites that
were vulnerable to remote code execution attacks and then redirected
traffic from those sites to pages run by ad networks, which in turn
redirected users to a malicious domain that downloads malware to
users' systems.

Check Point researchers took a closer look at how traffic was directed
to the malicious domains and found "an alarming partnership between a
threat actor disguised as a publisher and several legitimate
resellers." According to the report, Master134 sells its traffic or
"ad space" to the AdsTerra network, which then sells it to advertising
resellers such as ExoClick, AdKernel, EvoLeads and AdventureFeeds.

The resellers then sell the Master134 traffic to their clients, but
Check Point said its researchers discovered an odd pattern with the
sales. "All the clients who bid on the traffic directed via AdsTerra,
from Master134, happen to be threat actors, and among them some of the
exploit kit land's biggest players," the report claimed.

Check Point Research speculated that threat actors operating these
malicious domains and exploit kits pay Master134 for traffic or
"victims," which are supplied to them via a seemingly legitimate
channel of ad networks. While the vendor didn't accuse AdsTerra or the
resellers of knowingly participating in the malvertising campaign, the
report did say the ad networks would need to "turn a blind eye" for
this scheme to be successful.

"[A]lthough we would like to believe that the resellers that purchase
Master134's ad space from AdsTerra are acting in good faith, unaware
of Master134's malicious intentions, an examination of the purchases
from AdsTerra showed that somehow, space offered by Master134 always
ended up in the hands of cyber criminals, and thus enables the
infection chain to be completed," the report stated.

SearchSecurity contacted AdsTerra, ExoClick, EvoLeads, AdventureFeeds
and AdKernel for comment on the Check Point report.

AdKernel denied any involvement with the Master134 group or related
threat actors. Judy Shapiro, chief strategy advisor, emailed a
statement to SearchSecurity claiming the Check Point report is false
and that AdKernel is an ad-serving technology provider, not an ad
network or reseller. Shapiro also wrote that AdKernel did not own the
malicious domains cited in the Check Point report, and that those
domains were "owned by ad network clients of AdKernel." The company,
however, did not say who those clients were.

The other four companies had not responded at press time.

The Check Point Research report had strong words for the online
advertising industry and its inability or unwillingness to prevent
such malvertising campaigns from taking advantage of their networks.

"[W]hen legitimate online advertising companies are found at the heart
of a scheme, connecting threat actors and enabling the distribution of
malicious content worldwide, we can't help but wonder -- is the online
advertising industry responsible for the public's safety?" the report
asked. "Indeed, how can we be certain that the advertisements we
encounter while visiting legitimate websites are not meant to harm us?"

