Malicious advertisements distributed by DoubleClick, Zedo networks

lastfm exploit
Credit: Malwarebytes.org

Two online advertising networks, Google's DoubleClick and Zedo, have been delivering malicious advertisements that could install malware on a person's computer, according to the security vendor Malwarebytes.

The Times of Israel, The Jerusalem Post and the Last.fm music services were among the websites serving the malicious advertisements, wrote Jerome Segura, a senior security researcher with Malwarebytes, in a blog post.

"We rarely see attacks on a large scale like this," he wrote.

[ Hidden rogue cell phone towers ]

Although ad networks try to filter out malicious ones, occasionally bad ones slip in, which on a high-traffic site means a large pool of potential victims. Websites that serve the ads are usually unaware of the problem.

"What is important to remember is that legitimate websites entangled in this malvertising chain are not infected," Segura wrote. "The problem comes from the ad network agency itself."

DoubleClick and Zedo officials couldn't immediately be reached for comment.

Segura wrote that the ads direct victims to sites hosting the "Nuclear" exploit kit, which attempts to see if a computer is running vulnerable versions of Adobe Systems' Flash program or Internet Explorer, among others.

A successful attack will install the "Zemot" malware, which can connect to a remote server and download other malicious applications.

Segura wrote that Malwarebytes is still investigating, but that the company had warned The Times of Israel.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

To comment on this article and other CSO content, visit our Facebook page or our Twitter stream.
Related:
Insider: Hacking the elections: myths and realities
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.