CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
December 3rd, 2008

Daily Mail Serves Malicious Ads, Readers Redirected To Malware Installing Server

According to SophosLabs, the Daily Mail website is being used to serve up malware. A strain of the Mario family of worms was being offered by a redirection script injected into the Daily Mail website.

Code injected into the website is being used to serve up content from a malware-harbouring website located in Russia. This site uses vulnerabilities in browser software to download malicious code onto unpatched Windows PCs, a classic drive-by-download attack.

Analysis of the attack is ongoing and it’s not clear what other sites might be affected.

Sophos's investigation revealed suspicious behavior when Internet Explorer first loaded its default homepage and then accessed the affected webpage. After half a dozen refreshes, it attempted to connect to http://77.221.133.xxx, an IP address known for hosting malware in the past. Further investigation showed that the site anm.co.uk was hosting both the malicious code and legitimate adverts.

A WHOIS lookup on this IP address shows it is hosted in Russia. Recently, Sophos has seen IPs in this network range associated with W32/MarioF-Gen.

The Daily Mail has been informed of the attack, but it’s unclear how far Associated Newspaper technicians have gone in blocking the attack.

UPDATE (December 11): The infected ads were served from the servers of the publisher of the Mail, not from the actual ad serving network. In some cases malware is served through hijacked ad network accounts, and during the initial investigation it was unclear what the origin of the malware was.
