Malvertising strikes Gumtree

By on
Malvertising strikes Gumtree

Popular classified advertising site Gumtree was hit with a malvertising attack, according to Malwarebytes Labs.

According to Malwarebytes researchers, miscreants penetrated the network of an Australian legal firm and put up a phony version of its site that appeared legitimate, but actually contained a fraudulent subdomain off its main server. 

Gumtree, a subsidiary of eBay, receives 48 million monthly visits and is popular in the UK, Australia and South Africa.

The criminals cut and pasted the firm's logo and some text from the legitimate site and fashioned what appeared to be a typical ad banner. They then contacted ad networks to inquire about advertising.

Anyone clicking on the bogus, malvertising-laden ad would be vulnerable to receiving the Angler exploit kit, which typically injects different payloads, including ransomware or banking trojans.

Researchers detected a fingerprinting approach – that had been observed previously – capable of avoiding security tools or network packet captures.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition
Tags:

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register

Poll

Do you want your kids to get into IT?
Yes
No
View poll archive

Log In

Username:
Password:
  |  Forgot your password?