JMH3143· Microsoft MVP, Microsoft Support Visiting Expert,
Discussion Starter · #1 ·
https://blog.malwarebytes.org/explo...-likes-and-livejournal-hit-with-malvertising/Domain shadowing combined with fingerprinting continues to be an effective method to bypass security screenings and scanners from detecting advanced malvertising attacks. Just last week, some users visiting classifieds site Gumtree were exposed to malware via this very technique.
The latest victims from malvertising are two popular social sites: likes.com and livejournal.com. The former attracts close to 110M visitors a month, while the latter has over 140M.* It is worth reiterating that these malvertising attacks happen automatically and that users do not have to click on the ad banner to get infected.
Defrauding the ad industry
Online criminals harvest registrant/domain credentials from legitimate companies via phishing attacks or by using password stealers running on administrators’ machines.
They choose businesses that are most likely to offer a product or service and cleverly design an ad banner using some images and content from the site they are abusing. Last but not least, they register a subdomain (with the stolen username/password) to host that ad banner.