
Hackers use DoubleClick & Zedo ad networks to spread malware

Criminals use ads to get victims to install Zemot malware

Hackers have harnessed the power of two advertising networks, Google's DoubleClick and Zedo, to run ads that install malware on users' computers.

According to IT security firm Malwarebytes, the Times of Israel, The Jerusalem Post and Last.fm have all been exploited by cybercriminals with malvertising.

Jerome Segura, a senior security researcher with Malwarebytes, said in a blog post his company "rarely see attacks on a large scale like this".

While ad networks work hard to ensure they filter out malware, the occasional piece will slip through the net, meaning on a high-traffic website, malware can spread to a large number of victims. It also means the site serving up the malware is often doing so unknowingly.

He said the ads lead users to sites containing an exploit kit known as "Nuclear".

The malware checks whether a vulnerable version of Adobe Flash or an unpatched version of Internet Explorer is running. If one is found, it then downloads the Zemot malware, which connects to a remote server and downloads a raft of other malicious applications.

The Zemot malware was identified by Microsoft earlier this month. According to Microsoft, Zemot is usually distributed not only by the Nuclear exploit kit but also by the Magnitude exploit kit and spambot malware Kuluoz.

"What is important to remember is that legitimate websites entangled in this malvertising chain are not infected. The problem comes from the ad network agency itself," said Segura.

Segura warned users to keep their systems up to date, with current antivirus and anti-malware protection. The firm has also warned the websites about inadvertently serving up malware in advertising.

Earlier this month, Kyle and Stan malvertising showed up on hundreds of websites including Amazon, YouTube and Yahoo.
