Expired domains used by hackers to spread malware via popular sites

17 March 2016
By Tereza Pultarova
This banner displayed on popular news websites directs users to a malicious page

Hackers have found a new way of spreading malware into the computers of unsuspecting users by buying expired domains of advertising companies to insert fake malware-carrying ads into popular news and entertainment websites.

The practice, described by US information-security company Trustwave in a blog post published earlier this week, has affected a range of high-profile websites including the New York Times, Newsweek, BBC and AOL.

The malicious campaign used an expired domain of advertising company BrentsMedia to direct users to the so-called Angler exploit kit and infect their computers with malware.

“In the past few days while going over the telemetry of our products we noticed that several high-profile sites were fetching a JSON file which is hosted on brentsmedia.com as part of their process for pulling advertising content from their ad providers,” Trustwave wrote in the blog post.

“This JSON file refers to a suspicious, heavily obfuscated JavaScript file with more than 12,000 lines of code. Our suspicions grew further when de-obfuscation of the script revealed that it tries to enumerate the following list of security products and tools in order to filter out security researchers and users with protections that would prevent exploitation.”

In essence, a user who clicks on the fake advert, accidentally or intentionally, is directed to the fake website. Every click on the website results in the user downloading the malware.

According to Trustwave’s investigation, the probably legitimate BrentsMedia website expired on 1 January 2016 but was registered again by a different user two months later. Acquiring the domain allowed the hackers to generate lots of traffic from websites that publish ads either directly or as affiliates of other ad networks, the researchers said.
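A defensive check for the lapse-and-re-register pattern described above, added here as an example that is not part of the article or the researchers' blog post: it flags third-party hosts whose domain was created after a site first began loading content from them, and hosts whose registration is about to lapse. The inventory, WHOIS excerpts, dates, placeholder hosts and function names are all constructed assumptions.

```python
from datetime import date, datetime, timedelta

# Constructed inventory: third-party hosts our pages load ad content from,
# with the date each host was first seen in our own telemetry.
INVENTORY = {
    "brentsmedia.com": date(2015, 6, 1),               # first-seen date is constructed
    "cdn.ads.example.net": date(2014, 3, 10),          # placeholder host
    "static.adpartner.example.org": date(2015, 9, 5),  # placeholder host
}

# Constructed WHOIS excerpts. The brentsmedia.com creation date only approximates
# the article's "registered again by a different user two months later".
WHOIS = {
    "brentsmedia.com": "Creation Date: 2016-03-01T00:00:00Z\nRegistry Expiry Date: 2017-03-01T00:00:00Z",
    "example.net": "Creation Date: 2009-01-15T00:00:00Z\nRegistry Expiry Date: 2016-04-02T00:00:00Z",
    "example.org": "Creation Date: 2011-07-20T00:00:00Z\nRegistry Expiry Date: 2019-07-20T00:00:00Z",
}

def registrable(host):
    # Naive: keep the last two labels. Real use needs the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def whois_date(text, field):
    # Return the date part of a "Field: YYYY-MM-DD..." WHOIS line, or None.
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() == field.lower():
            return datetime.strptime(value.strip()[:10], "%Y-%m-%d").date()
    return None

def audit(inventory, whois, today, warn_days=30):
    findings = {}
    for host, first_seen in sorted(inventory.items()):
        record = whois.get(registrable(host))
        if record is None:
            findings[host] = "no-whois"
            continue
        created = whois_date(record, "Creation Date")
        expires = whois_date(record, "Registry Expiry Date")
        if created and created > first_seen:
            # Registered after we began trusting it: ownership may have changed.
            findings[host] = "re-registered"
        elif expires and expires - today <= timedelta(days=warn_days):
            findings[host] = "expiring"
    return findings
```

Run `audit(INVENTORY, WHOIS, date.today())` on a schedule and remove or re-vet any host reported as `re-registered` before it serves content again.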

"To be clear, this is impacting ads from third parties that are beyond our control," New York Times spokesman Jordan Cohen told Reuters, adding that the firm was investigating the attack.

The researchers have found further expired websites performing the same trick - envangmedia.com and markets.shangjiamedia.com.

“If one was to take a wild guess, one might think that they [the attackers] actually are watching for any domains containing the word ‘media’ that have recently expired,” Trustwave wrote.

“Whether or not this will turn into a new trend, it's certainly an interesting development in the world of malvertising, once again reminding us how difficult it is for both end-users and ad networks to deal with this threat.”

The Angler exploit kit, first discovered in late 2013, is currently the most widely used exploit kit known to researchers. Notorious for its ability to constantly innovate, as well as evade detection by security products, Angler is being used to infect victims’ computers with the Bedep trojan and the TeslaCrypt ransomware.

The researchers said they did not know who was behind the attack, which could be perpetrated either directly by the Angler team or by an affiliated third-party criminal.
