Malware authors target World Cup ads and apps
With the FIFA World Cup in full swing, every company under the sun is trying to cash in on the world’s biggest sporting event this side of the Summer Olympics – including cyber-criminals. Every four years, a new crop of mobile applications pops up in their respective marketplaces, but not all of them are as innocent as they appear.
The malware and mobile virus industry is a billion-dollar enterprise, as millions of users around the world each year fall victim to unscrupulous individuals who want nothing more than to steal personal information such as banking details, login credentials and keystrokes. Much of the malicious code used to infect devices is hidden in advertising, turning it into dangerous malvertising: advertising containing malware, or malicious advertising.
To make matters worse, you might not even know that you are being infected, or have been, as there are no signs that you can look out for.
“Infections delivered through malvertising do not require any user interaction, so a user does not necessarily need to click on the advertisement for the malware to spread. The infections also do not rely on vulnerabilities on the server nor the website it is hosted from,” explained Philip Pieterse, senior security consultant at Trustwave in South Africa.
The spread of malvertising came to light again as the World Cup neared its start, as a popular sports-focused Brazilian website hosted malicious code in its design.
People who made use of a vulnerable version of Adobe Flash were susceptible to an attack using the malicious ad. This site’s ad provider redirected users to “ib.adnxs.com”, a domain associated with previous malvertising campaigns.
“The Adobe plugin in the browser parses the advertisements in order to show them on that page. If the plugin is not fully patched and is vulnerable to the exploit which is embedded in the advertisement (a Flash file), then the exploit will be successful and malware will be dropped on the user’s machine. All that would happen even if the user never clicks that advertisement.”
To make sure that you are visiting the genuine website that you intended to, physically type the address into the search bar. Websites that provide a link can redirect you to a similar-looking website that’s malicious.
“The attackers use various obfuscation techniques to try and hide the fact that this malicious website is in fact not the real one,” added Pieterse.
He said that it is practically impossible for you to tell if the website you are visiting is hosting malicious code, unless you have a reputable endpoint protection solution installed that can detect and block the malicious ads from being loaded.
This is not the first time that Adobe Flash has been used as a vessel to host malicious code, and IT security analysts are of the opinion that whenever a pop-up appears for the program to be updated, it should be done immediately – and for all programs installed.
“If you are running the most up-to-date version then it is making it more difficult for the attackers to get you infected. Vulnerabilities get discovered and fixes and prevention methods get applied in updates and patches, thus keeping your software up to date protects you against the latest detected threats,” Pieterse continued.
And with the FIFA World Cup captivating the minds of football lovers, cyber-criminals are becoming more brazen in their attempts to dupe users. As in the case of the Brazilian sports website, Pieterse explains that malicious ads on websites are most effective if the website has a connection to a world event and is expecting a surge of traffic – increasing the chances of being infected.
But he also warns that even if you don’t click on the link or advertising banner, you will get infected if your software isn’t updated.
“It is worthwhile to upload malicious ads to sites whose popularity increases due to that event, but remember that if the user runs a vulnerable version of Adobe Flash Player, they will get infected by that malicious ad even if they never click on it.”
If you don’t want to score an own goal in this year’s FIFA World Cup, then having reputable anti-virus or endpoint security software installed is really the only way that you would be able to block malicious code from running on your machine, apart from keeping your software up to date of course.