|11 Oct 2011||#1|
| || |
Malvertising lifecycle case study 1--OpenX compromise on speedtest.net
Incident: SpeedTest.net, ranked 541 on Alexa with 8,141,777 unique visitors and 10,177,221 page views per month, fell victim to malvertising and was spreading the "Security Sphere 2012" fake antivirus to its visitors. By simply navigating to the website, visitors with outdated browsing environments (browser or browser plugins such as Java, Adobe Flash, Adobe PDF Reader, etc) will end up with Security Sphere permanently installed inside their systems.
Malware: By claiming that every application "has been infected by malware and cannot be executed," Security Sphere 2012 basically locks down the infected computer until the victim purchases a "license" for it to "clean up the infections."
Cause: SpeedTest.net runs its own online advertisement platform using OpenX, using the domain ads.ookla.com. The attackers have compromised this OpenX platform and injected an malicious iframe into every ad served. We have a video of the how visitors are infected:
|My System Specs|
|Similar help and support threads for2: Malvertising lifecycle case study 1--OpenX compromise on speedtest.net|
|Is it possible to get 0 ms ping on speedtest.net via Wi-Fi||Network & Sharing|
|Speedtest.net||Network & Sharing|
|Microsoft Announces a New Support Lifecycle Policy for Online Services||News|
|OpenX Vulnerability Exploited to Compromise Multiple Ad Servers||System Security|
|Game Site Compromise||System Security|
|The Microsoft Security Development Lifecycle Evolves.||News|
|Our Sites ||Site Links ||About Us ||Find Us |
© Designer Media Ltd
All times are GMT -5. The time now is 05:22 AM.