Millions of Web Surfers are Being Targeted by a Single Malvertising Group
upstart writes in with an IRC submission:
Millions of web surfers are being targeted by a single malvertising group:
Infiltrating the ad ecosystem by posing as a legitimate buyer requires resources. For one, scammers must invest time learning how the market works and then creating an entity that has a trustworthy reputation. The approach also requires paying money to buy space for the malicious ads to run. That's not the technique used by a malvertising group that security firm Confiant calls Tag Barnakle.
"Tag Barnakle, on the other hand, is able to bypass this initial hurdle completely by going straight for the jugular-mass compromise of ad serving infrastructure," Confiant researcher Eliya Stein wrote in a blog post published Monday. "Likely, they're also able to boast an ROI [return on investment] that would eclipse their rivals as they don't need to spend a dime to run ad campaigns."
Over the past year, Tag Barnakle has infected more than 120 servers running Revive, an open source app for organizations that want to run their own ad server rather than relying on a third-party service. The 120 figure is twice the number of infected Revive servers Confiant found last year.
Once it has compromised an ad server, Tag Barnakle loads a malicious payload on it. To evade detection, the group uses client-side fingerprinting to ensure only a small number of the most attractive targets receive the malicious ads. The servers that deliver a secondary payload to those targets also use cloaking techniques to ensure that they also fly under the radar.
Read more of this story at SoylentNews.