Expired domains used by hackers to spread malware via popular sites

17 March 2016
By Tereza Pultarova
This banner displayed on popular news websites directs users to a malicious page

Hackers have found a new way of spreading malware into the computers of unsuspecting users by buying expired domains of advertising companies to insert fake malware-carrying ads into popular news and entertainment websites.

The practice, described by US information-security company Trustwave in a blogpost published earlier this week, has affected a range of high-profile websites including the New York Times, Newsweek, BBC and AOL.

The malicious campaign used an expired domain of advertising company BrentsMedia to direct users to the so-called Angler exploit kit and infect their computers with malware.

“In the past few days while going over the telemetry of our products we noticed that several high-profile sites were fetching a JSON file which is hosted on brentsmedia.com as part of their process for pulling advertising content from their ad providers,” Trustwave wrote in the blogpost.

“This JSON file refers to a suspicious, heavily obfuscated JavaScript file with more than 12,000 lines of code. Our suspicions grew further when de-obfuscation of the script revealed that it tries to enumerate the following list of security products and tools in order to filter out security researchers and users with protections that would prevent exploitation.”

Essentially, what happens is that the user may accidentally or intentionally click on the fake advert, which directs them to the fake website. Every click on the website results in the user downloading the malware.

According to Trustwave’s investigation, the probably legitimate BrentsMedia website expired on 1 January 2016 but was registered again by a different user two months later. Acquiring the domain allowed the hackers to generate lots of traffic from websites that publish ads either directly or as affiliates of other ad networks, the researchers said.

"To be clear, this is impacting ads from third parties that are beyond our control," New York Times spokesman Jordan Cohen told Reuters, adding that the firm was investigating the attack.

The researchers have found further expired websites performing the same trick - envangmedia.com and markets.shangjiamedia.com.
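A check a publisher or ad network could run against this pattern, as an added example that is not from the article or the researchers' blogpost: it flags third-party ad hosts whose domain was registered after the site first started loading content from them, has no registration record, or is very new. The host names, dates, function names and the 90-day threshold are constructed assumptions; real registration dates would come from WHOIS or RDAP lookups.

```python
from datetime import date
from urllib.parse import urlsplit

def registrable_domain(host):
    # Assumption: the last two labels are the registrable domain; real data
    # needs the Public Suffix List (e.g. for .co.uk).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def audit_ad_hosts(urls, first_seen, registrations, today, min_age_days=90):
    """Map each risky third-party host to the reason it was flagged."""
    findings = {}
    for url in urls:
        host = urlsplit(url).hostname
        if not host:
            continue
        created = registrations.get(registrable_domain(host))
        seen = first_seen.get(host)
        if created is None:
            findings[host] = "no registration record (lapsed?)"
        elif seen is not None and created > seen:
            # Creation date is later than our first use of the host:
            # the domain lapsed and was registered again.
            findings[host] = "re-registered after first use"
        elif (today - created).days < min_age_days:
            findings[host] = "newly registered"
    return findings

# Constructed sample data: URLs seen in a page's ad chain, the date each host
# was first seen there, and registration (creation) dates per domain.
URLS = [
    "https://ads.oldmedia.example/feed.json",
    "https://markets.lapsedmedia.example/tag.js",
    "https://cdn.stable-ads.example/banner.js",
    "https://new.freshads.example/a.js",
]
FIRST_SEEN = {
    "ads.oldmedia.example": date(2014, 5, 2),
    "markets.lapsedmedia.example": date(2013, 1, 15),
    "cdn.stable-ads.example": date(2012, 9, 1),
}
REGISTRATIONS = {
    "oldmedia.example": date(2016, 3, 1),
    "stable-ads.example": date(2008, 4, 12),
    "freshads.example": date(2016, 3, 1),
}
TODAY = date(2016, 3, 17)

if __name__ == "__main__":
    for host, reason in audit_ad_hosts(URLS, FIRST_SEEN, REGISTRATIONS, TODAY).items():
        print(f"{host}: {reason}")
```
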

“If one was to take a wild guess, one might think that they [the attackers] actually are watching for any domains containing the word ‘media’ that have recently expired,” Trustwave wrote.

“Whether or not this will turn into a new trend, it's certainly an interesting development in the world of malvertising, once again reminding us how difficult it is for both end-users and ad networks to deal with this threat.”

The Angler exploit kit, first discovered in late 2013, is currently the most widely used exploit kit known to researchers. Notorious for its ability to constantly innovate, as well as evade detection by security products, Angler is being used to infect victims’ computers with the Bedep trojan and the TeslaCrypt ransomware.

The researchers said they did not know who was behind the attack, which could be perpetrated either directly by the Angler team or by an affiliated third-party criminal.
