Massive Ad Poisoning scam and what you can do to protect against it

Aug 18 2015 – Your Friendly Neighbourhood IT Guy – http://wp.me/p1fJaD-4o

Share this with others to help stop or at least slow the spread of this and other threats and reduce the impacts.

There is a massive "scam" going around that affects web advertisements, called Ad Poisoning (also known as malvertising). In this specific case the poisoned ads infect computers with ransomware, which encrypts your data and demands payment to decrypt it. Most advertisers do not sell their ads to websites one at a time. Websites that want to make money sell their advertising space to an ad network, and advertisers sign contracts with that ad network, which then displays the ads on the participating websites. The ad network sits in the middle between the advertisers and the websites and manages the traffic and the payments.

That is where the problem lies. Cyber criminals fool the ad network into thinking they are a legitimate advertiser, but the ads that then get displayed on major websites are poisoned. Simply browsing to a page that carries a poisoned ad, without clicking on anything, is enough to risk having your device infected with ransomware (or other malicious software), after which the cyber criminals demand money to decrypt your personal or work files.

If a device is infected with ransomware, paying the ransom is strongly discouraged: it exposes you to further financial risks and exploits, and there is no guarantee the criminals will actually decrypt your files.

The recommended preventative measures against these types of attacks are: run a pop-up blocker, an anti-exploit or mitigation tool and a web content inspection tool, and disable Java in the browser unless one of those tools protects it. Many companies run a network-based web content inspection tool. Please keep in mind that none of these methods ensures complete protection; use them in layers.

Find more info on some of the suggested preventive measures below.

Because of the recent malicious campaign abusing some legitimate advertising networks/sites, you can temporarily block the websites below if you use OpenDNS or another DNS provider that offers a block list. If not, you can temporarily add the list to your hosts file and point each entry to 127.0.0.1 (more info below). Keep in mind that this blocks the whole site, not just its ads, and that a hosts file entry matches only the exact name you list, not its subdomains.

Ebay.com
Azurewebsites.net
Mbiscotti.com
Weather.com
Drudereport.com
Wuunderground.com
Findagrave.com
Webmaila.juno.com
My.netzero.net
Sltrib.com
Adspirit.de

Check this site for updates, as sites may be added to or removed from the list when they are detected as using the affected advertising network(s) or have mitigated the issue: SSL Malvertising campaign continues

Here are some options to better protect your family's computers and devices from this type of attack/threat and others:

Some of the following, and more, can be found here: Better protect your computers phones and more

DNS or Host file changes:

I use OpenDNS on our router at home and have temporarily added the above sites to the block list (some were already blocked by OpenDNS as known threats).

Alternately you can add the list to your hosts file to block them:
Open a text editor such as Notepad as an administrator, open your hosts file (e.g. c:\windows\system32\drivers\etc\hosts) and add a line for each site pointing it to 127.0.0.1.
e.g.
127.0.0.1  Azurewebsites.net
127.0.0.1  Wuunderground.com
etc…
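The same hosts file change scripted, as an added example that is not part of the original post: it takes the post's list, appends only the entries that are not already present, keeps a dated backup so the block can be undone once the campaign is over, flushes the resolver cache and then checks each name through the OS resolver. It assumes a Windows machine with PowerShell 4.0 or later and an elevated prompt; the domain spellings are copied from the post's list as-is.

```powershell
# Added example (not from the original post): bulk-add the post's blocklist to the
# Windows hosts file, skipping entries already present, then flush the resolver cache.
# Run from an elevated PowerShell prompt; the hosts file is writable only by administrators.
#Requires -RunAsAdministrator

$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# Domains from the post's list. Hosts-file matching is exact: an entry for
# azurewebsites.net does NOT cover evil.azurewebsites.net, so add any specific
# subdomain you see in your proxy or router logs as its own line.
$blocklist = @(
    'ebay.com', 'azurewebsites.net', 'mbiscotti.com', 'weather.com',
    'drudereport.com', 'wuunderground.com', 'findagrave.com',
    'webmaila.juno.com', 'my.netzero.net', 'sltrib.com', 'adspirit.de'
)

# Dated backup so the temporary block can be reverted later.
$backup = "$hostsPath.$(Get-Date -Format yyyyMMdd-HHmmss).bak"
Copy-Item -Path $hostsPath -Destination $backup -Force

$existing = Get-Content -Path $hostsPath -ErrorAction Stop
$added = @()
foreach ($domain in $blocklist) {
    # Skip the domain if a non-comment line already maps it to any address.
    $pattern = '^\s*[0-9a-fA-F.:]+\s+' + [regex]::Escape($domain) + '(\s|$)'
    if ($existing -match $pattern) { continue }
    # 127.0.0.1 as in the post; 0.0.0.0 is a common alternative that fails faster
    # because nothing listens there.
    $added += "127.0.0.1`t$domain    # malvertising block added $(Get-Date -Format yyyy-MM-dd)"
}

if ($added.Count -gt 0) {
    # A marker comment makes the block easy to find and remove later.
    $block = @('# --- temporary malvertising blocklist (remove when campaign ends) ---') + $added
    Add-Content -Path $hostsPath -Value $block -Encoding ASCII
}

# Windows caches lookups; flush so the new entries take effect immediately.
ipconfig /flushdns | Out-Null

# Verify through the OS resolver, which honours the hosts file (unlike nslookup,
# which asks the DNS server directly). Each blocked name should come back as 127.0.0.1.
foreach ($domain in $blocklist) {
    try {
        $ips = [System.Net.Dns]::GetHostAddresses($domain) | ForEach-Object { $_.IPAddressToString }
        '{0,-22} -> {1}' -f $domain, ($ips -join ', ')
    } catch {
        '{0,-22} -> lookup failed: {1}' -f $domain, $_.Exception.Message
    }
}
```

To undo the change, delete the lines under the marker comment (or copy the `.bak` file back over the hosts file) and run `ipconfig /flushdns` again. Browsers keep their own DNS cache, so restart the browser after the edit as well.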

Anti-Exploit and Mitigation tools:
Don't run both of the tools below at the same time, as they will conflict; pick one or the other. The same goes for running any two tools of this type together. They do work fine alongside traditional anti-virus such as MSSE, Defender, McAfee or Trend AV etc.

Malwarebytes Anti-Exploit
This free tool plugs into at least IE, Chrome and Firefox and will block many Ad Poisoning sites and other threats. It is easy to install and needs no configuration. The free version protects the above browsers and Java, but you need to buy the premium version to protect Adobe Reader and other apps. Microsoft's EMET covers all of these and more and is free, but may need a bit more tweaking (more info below).

I have used their Anti-Malware scanner for Windows for years and it has worked well, especially when helping friends clean up a computer after it has become very slow or stopped working completely.

Microsoft’s Enhanced Mitigation Experience Toolkit (EMET):
This tool appears to offer more protection but may need some configuration or tweaking.
It comes with pre-set configurations for many apps and you can add more. If you want to be even more secure you can enable it for all apps, at the risk of some apps crashing and needing tweaking or disabling.

I configured it to monitor all the default apps and added a few more, so IE, Chrome, Firefox, Java and several other apps are monitored.

I have used it at home; the early versions caused some apps to crash and needed tweaking or disabling for that app, but the last two versions have been a lot better. I haven't noticed any issues for a while.
https://technet.microsoft.com/en-us/security/jj653751
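The browser-and-Java setup described above, scripted with EMET's command-line tool, as an added example that is not part of the original post. It uses EMET_Conf.exe, which is installed alongside the EMET 5.x GUI, and its documented --set, --list and --export options. The EMET install directory and the application paths are assumptions (default install locations); adjust them to your machine.

```powershell
# Added example (not from the original post): put the browsers and Java the post names
# under EMET's default mitigation set from the command line with EMET_Conf.exe.
# Install directory and application paths are assumptions; adjust to your machine.
#Requires -RunAsAdministrator

$emetConf = Join-Path ${env:ProgramFiles(x86)} 'EMET 5.5\EMET_Conf.exe'   # assumed install path
if (-not (Test-Path $emetConf)) { throw "EMET_Conf.exe not found at $emetConf" }

# Fixed-location applications (assumed default install paths).
$apps = @(
    "$env:ProgramFiles\Internet Explorer\iexplore.exe",
    "${env:ProgramFiles(x86)}\Internet Explorer\iexplore.exe",
    "${env:ProgramFiles(x86)}\Google\Chrome\Application\chrome.exe",
    "${env:ProgramFiles(x86)}\Mozilla Firefox\firefox.exe"
)

# Java's path changes with every update, so discover the installed java/javaw
# binaries instead of hard-coding a version number.
$javaRoots = @("$env:ProgramFiles\Java", "${env:ProgramFiles(x86)}\Java") | Where-Object { Test-Path $_ }
if ($javaRoots) {
    $apps += Get-ChildItem -Path $javaRoots -Recurse -Include java.exe, javaw.exe -ErrorAction SilentlyContinue |
             Select-Object -ExpandProperty FullName
}

foreach ($app in ($apps | Where-Object { Test-Path $_ })) {
    # --set with only a path applies EMET's full default mitigation set to that executable.
    # If an app later crashes, untick the single mitigation that causes it in the EMET GUI
    # rather than removing the app from protection altogether.
    & $emetConf --set $app
}

# Review what is now protected and export the profile so the same settings can be
# imported on another machine with:  EMET_Conf.exe --import <file.xml>
& $emetConf --list
& $emetConf --export "$env:USERPROFILE\Desktop\emet-profile.xml"
```

Run it once after installing EMET, and again after a Java update, since the discovery step only picks up the JRE directories present at the time.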

Here is more info on the above two tools and a similar commercial product:
http://www.howtogeek.com/223228/use-an-anti-exploit-program-to-help-protect-your-pc-from-zero-day-attacks/

About Kevin Yaworski

I use my blog to write about things I find interesting or that I think are matter of public interest.