Malicious ads threaten users again

[Детективное агентство ИКС-Инфо.]

After a lull, the attackers resumed the practice of drive - by download attacks through malicious advertising. First of all, users of the Spotify online service and the Facebook social network were affected.

Spotify is a popular internet service whose users can listen to any music for free by installing specialized software. Although it is not available in all countries of the world, its audience is more than 10 million users. It is worth noting that, like any similar service, Spotify has both a free and a paid version. The main difference between the latter is that users are deprived of the opportunity to view ads that are displayed in the program.

So, this week it became known that users of the free version, which number about 9 million, were victims of the attackers' favorite method of attack - malicious advertising. This is usually an ad banner that contains the executable code of an exploit, aimed mainly at vulnerabilities in browsers. If executed, the program downloads more dangerous malware onto the victim’s computer. According to experts in the field of security Netcraft, in this case, the hackers used the exploit for the Java vulnerability.

At the same time, Facebook users reported the appearance of similar advertising on the pages of the resource. According to Sophos security researchers, in the event of a transition, the user is taken to a page where he is recommended to install Adobe Flash Player, and if he agrees, an executable file with the name of the program gets to the computer. It is worth noting that the administration of the social network promptly responded to the message of specialists and the problem has already been eliminated.

However, users are strongly advised not to react to the tricks of fraudsters and, in order to avoid such threats from entering the computer, keep the installed software, including the operating system, up to date.

source anti-malware.ru

 

[Матушкин Андрей Николаевич]

Thank.