Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Malvertising lifecycle case study 1--OpenX compromise on speedtest.net

11 Oct 2011   #1

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1
 
 
Malvertising lifecycle case study 1--OpenX compromise on speedtest.net

Quote:
Incident: SpeedTest.net, ranked 541 on Alexa with 8,141,777 unique visitors and 10,177,221 page views per month, fell victim to malvertising and was spreading the "Security Sphere 2012" fake antivirus to its visitors. By simply navigating to the website, visitors with outdated browsing environments (browser or browser plugins such as Java, Adobe Flash, Adobe PDF Reader, etc) will end up with Security Sphere permanently installed inside their systems.

Malware: By claiming that every application "has been infected by malware and cannot be executed," Security Sphere 2012 basically locks down the infected computer until the victim purchases a "license" for it to "clean up the infections."

Cause: SpeedTest.net runs its own online advertisement platform using OpenX, using the domain ads.ookla.com. The attackers have compromised this OpenX platform and injected an malicious iframe into every ad served. We have a video of the how visitors are infected:
Source

A Guy


My System SpecsSystem Spec
.

Reply

 Malvertising lifecycle case study 1--OpenX compromise on speedtest.net




Thread Tools



Similar help and support threads for2: Malvertising lifecycle case study 1--OpenX compromise on speedtest.net
Thread Forum
Is it possible to get 0 ms ping on speedtest.net via Wi-Fi Network & Sharing
Speedtest.net Network & Sharing
Microsoft Announces a New Support Lifecycle Policy for Online Services News
OpenX Vulnerability Exploited to Compromise Multiple Ad Servers System Security
Game Site Compromise System Security
The Microsoft Security Development Lifecycle Evolves. News
Speedtest Gadget Gadgets

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 12:04 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33