Unsuspecting internet surfers are being fooled into clicking on seemingly above-board ads from recognisable brands only to end up on malicious websites that install malware on the users’ computers.
Websense Security Labs has discovered that the popular auto trading site Autotrader.co.uk and cinema site Myvue.com have both served ads that redirected the user to malicious websites.
In both cases, the malicious ads were tailored to respond to user activity with several masked redirects before installing a rogue anti-virus which disrupts the use and ordinary functionality of the computer.
Cyber criminals willing to pay for advertising
The websites themselves weren’t compromised but were serving ads from an ad provider called Unanimis that led browsing users seamlessly – in the background and without their knowledge – to exploit sites.
“Cyber criminals are willing to pay for advertising to propagate malware and popular websites are a good target as they are invariably ‘trusted’ and boast high traffic,” Elad Sharf, Websense Security Labs, explained in the company’s blog.
“We have been following the exploit domains in this malvertising campaign for quite awhile now. In addition to MyVue.com and Autotrader.com, we’ve also received reports that ebay.co.uk and londonstockexchange.com were also affected.
“One of the advantages that cyber criminals enjoy with malvertising campaigns is that they can be easily spread across a large number of legitimate websites without directly compromising those websites,” Sharf warned.