For a long time, the mantra for company computers was 'Never change a running system'. This approach is a gold mine for attackers. Only people who keep their software and operating system fully up to date are protected against such attacks.
Bochum, Germany (PRWEB) April 17, 2015
As reported by Security Week and others, attackers have abused the Google AdSense advertising network to distribute malware to millions of Internet users. G DATA Exploit Protection has been fending off the attacks since the outset and has protected users against computer infections. The cause of these attacks was a compromised supplier of the advertising network. The attackers used an exploit kit that, among other things, exploits a security hole in Adobe Flash Player. On many computers, this vulnerability has not been closed, even though an official patch is available. G DATA SecurityLabs have now published an analysis that explains these cyber attacks in detail.
What is Google AdSense?
Google AdSense is one of the world's largest advertising networks. Many website operators rely on this service: 12 percent of the 100,000 most popular websites use AdSense (source: BuiltWith).
Abusing this platform to distribute malware provides the attackers with a huge target group.
PCs that had not installed the Adobe security update by at least 19 March 2015 have been susceptible to attack by the exploit kit. Cyber attacks frequently occur via security holes that have already been patched. Reactive protection technologies such as virus signatures are helpful against an exploit only to a certain degree. These technologies generally have a longer response time and can only offer protection against threats that are already known. Proactive protection technologies such as G DATA Exploit Protection secure users against unknown attacks, known as zero day attacks. Regularly installing security updates for the operating system and frequently used software is therefore essential. Analysis by G DATA SecurityLabs clearly shows that the exploit kit has become more successful in its attacks since the integration of this exploit. The number of attacks being fended off is growing, reaching its current high on April 07, when the malware was distributed via Google Ads (see Chart).
What is an exploit kit?
An exploit kit is a tool that contains a number of different attacks on vulnerabilities (exploits) and is used as a means of attack. The tool checks the computer for installed software and unclosed security holes. If a security hole is found, the appropriate exploit for exploiting the vulnerability is sent to the computer, which then downloads malware onto the PC.
Detailed information is available here: https://blog.gdatasoftware.com/blog/article/staying-alert-when-buying-banners-googles-advertising-service-misused-for-distributing-malware.html
Articles discussing Malware spreading through Google AdSense:
IT Pro, January 16, 2015: http://www.itproportal.com/2015/01/16/google-adwords-adsense-networks-hacked/
PC World, January 15, 2015: http://www.pcworld.com/article/2871032/google-nixes-widespread-malvertising-attack.html
Security Week, January 15, 2015: http://www.securityweek.com/malvertising-campaign-abuses-google-adsense
About G DATA
IT security was invented in Germany: G DATA Software AG is the antivirus pioneer. It was more than 29 years ago that the company, founded in Bochum, developed the first program to combat computer viruses. These days, G DATA is one of the world's leading providers of IT security solutions. G DATA, Inc. is the U.S. Subsidiary located in Atlanta, GA.
For more information about the company and G DATA security solutions, see http://www.gdatasoftware.com
For sales inquiries in North America please contact Contronex, Inc.