They’re Baaaaack… (Return of the Malvertisers)


Along with the public release of information about a large, long-running malvertising campaign, I also sent the full list of stealthy malvertising domains to several contacts in the web-advertising and anti-malvertising community. This led to a two-front war on the malvertisers: the ad industry cut off traffic to the domains at the top of the pipeline, and Blue Coat (along with other security companies that follow our blog) blocked the traffic at the bottom. Consequently, the campaign basically collapsed.

Things got very quiet after September 11th, and for a few days there didn't seem to be any active malvertising domains in the whole network. Had the Bad Guys given up and seen the error of their ways? Heck no! (For one thing, they still had a bunch of domains they'd paid to register last year, and they sure didn't want to waste that money!)

So we kept an eye out, and sure enough, last Monday (9/15) the traffic began again. Granted, the volume is nowhere near where it was before their network was torn apart, but I suppose it takes time to make a bunch of changes and get a new set of stealth malvertising domains into the ad pipeline.

So far, we've only seen a handful of new domains come online. Here's the list:

Domain            Registration Date   Traffic Began   Primary Traffic Sources (Victim Sites)
(not captured)    10/31/2012          9/17/2013       (not captured)
(not captured)    10/31/2012          9/18/2013       (not captured)
(not captured)    11/08/2012          9/18/2013       (not captured), many small sites
(not captured)    10/31/2012          9/16/2013       (not captured)
(not captured)    10/31/2012          9/15/2013       (not captured), other NFL fan sites

Once again, the striking characteristics of this gang are their patience in registering their domains up to a year before they start using them, and the care with which they segment the attack, using each domain to serve ads to one site or family of sites.
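Those two traits, a long gap between registration and first traffic and a near-single-referrer traffic profile, are cheap to check from proxy logs plus WHOIS creation dates. The script below is an added example written for this post; it is not Blue Coat's tooling and does not use the post's real domains. The hostnames are hypothetical (reserved `.invalid` names), and the log lines and WHOIS dates are constructed, modelled only on the registration and traffic-start dates in the table above.

```python
"""Flag ad hosts that fit the 'aged, segmented' malvertising pattern.

Added illustration, not Blue Coat's code. Inputs are constructed:
proxy log lines of the form "YYYY-MM-DD referrer_host ad_host" and a
WHOIS creation-date table. Hostnames use the reserved .invalid TLD.
"""
from collections import Counter, defaultdict
from datetime import date

# Constructed WHOIS creation dates for hypothetical ad hosts.
WHOIS_CREATED = {
    "ad-srv-1.invalid": date(2012, 10, 31),   # registered the previous Halloween
    "ad-srv-2.invalid": date(2012, 11, 8),
    "cdn-legit.invalid": date(2013, 9, 1),    # young domain, used right away
}

# Constructed proxy log excerpt (date, Referer host, ad host requested).
SAMPLE_LOG = """\
2013-09-17 fansite-a.invalid ad-srv-1.invalid
2013-09-17 fansite-a.invalid ad-srv-1.invalid
2013-09-18 fansite-a.invalid ad-srv-1.invalid
2013-09-18 blog-b.invalid ad-srv-2.invalid
2013-09-18 blog-c.invalid ad-srv-2.invalid
2013-09-19 blog-d.invalid ad-srv-2.invalid
2013-09-18 news-x.invalid cdn-legit.invalid
2013-09-18 shop-y.invalid cdn-legit.invalid
2013-09-19 forum-z.invalid cdn-legit.invalid
"""


def parse_log(text):
    """Return (date, referrer_host, ad_host) tuples from the constructed format."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        day, referrer, ad_host = line.split()
        y, m, d = map(int, day.split("-"))
        records.append((date(y, m, d), referrer, ad_host))
    return records


def profile(records, whois):
    """Per ad host: days dormant before first traffic, and how concentrated
    its referrers are (share of requests from the single top referrer)."""
    first_seen = {}
    refs = defaultdict(Counter)
    for day, referrer, ad_host in records:
        first_seen[ad_host] = min(day, first_seen.get(ad_host, day))
        refs[ad_host][referrer] += 1

    out = {}
    for host, seen in first_seen.items():
        created = whois.get(host)
        dormant = (seen - created).days if created else None
        total = sum(refs[host].values())
        top_share = refs[host].most_common(1)[0][1] / total
        out[host] = {
            "dormant_days": dormant,
            "top_referrer_share": top_share,
            "distinct_referrers": len(refs[host]),
        }
    return out


def flag(profiles, min_dormant_days=180, min_top_share=0.9):
    """Tier suspects. Long dormancy alone earns 'review'; dormancy plus traffic
    that comes almost entirely from one site earns 'high'."""
    tiers = {}
    for host, p in profiles.items():
        if p["dormant_days"] is None or p["dormant_days"] < min_dormant_days:
            continue
        tiers[host] = "high" if p["top_referrer_share"] >= min_top_share else "review"
    return tiers


if __name__ == "__main__":
    for host, tier in flag(profile(parse_log(SAMPLE_LOG), WHOIS_CREATED)).items():
        print(host, tier)
```

Two caveats when running something like this for real. A long gap between registration and first ad traffic is a triage cue, not proof; plenty of legitimate domains sit parked for a year. And because the gang serves each domain to one site or family of sites, a host that is dormant-then-active but spread over several small referrers (the `review` tier here) is exactly the case the single-referrer check misses, so the dormancy signal has to be correlated across many customers' logs rather than judged from one site's traffic.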

And, since 4 of the new domains were all registered last Halloween, it's appropriate to close with this classic movie tag line:

image from Poltergeist 2

"They're back."
