Pegel now in banners

We’re still monitoring Pegel, and we’ve come across something which piqued our interest: redirects to malicious websites hosting exploits weren’t only coming from infected legitimate sites, but also from Flash ads on legitimate sites. Not really standard, so we decided to take a closer look.

The browser displays Flash ads used in this way just like a normal banner, and if you click one, you do end up on an advertising site.

But when we analyzed the ActionScript code of the ad, we found the following script which runs when the ad is loaded:

So when the banner’s displayed, a script on the cybercriminals’ server is run, and it’s this script that redirects the user to a web page hosting exploits. It looks as though the static banners had been replaced with a very specific type of Flash ad. Only one question remained: how was this done?
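The following Python check is an added example, not code from the original post: it scans decompiled ActionScript from a banner for URL-loading calls that run when the ad loads rather than inside a click handler, and reports those that contact hosts outside an allow list. The sample source, the host names and the `load_time_calls` function are constructed for illustration; the script found in the actual banner is not reproduced here.

```python
import re

# ActionScript 2/3 calls that fetch or navigate to a URL.
NET_CALL = re.compile(
    r'\b(getURL|loadMovie|loadMovieNum|loadVariables|navigateToURL|sendToURL|URLRequest)\s*\(')
# Constructs whose body only runs after the user clicks (AS2 styles).
CLICK_BLOCK = re.compile(
    r'\bon\s*\(\s*(release|press)\s*\)|\bon(Release|Press)\s*=\s*function')
URL = re.compile(r'["\'](https?://([^/"\']+)[^"\']*)["\']')

def load_time_calls(source, allowed_hosts):
    """Return (line, call, hosts) for network calls made outside click handlers."""
    findings = []
    depth = 0             # current brace depth
    handler_depth = None  # brace depth at which the open click handler started
    for lineno, line in enumerate(source.splitlines(), 1):
        if handler_depth is None and CLICK_BLOCK.search(line):
            handler_depth = depth
        call = NET_CALL.search(line)
        if call and handler_depth is None:
            hosts = [host.lower() for _, host in URL.findall(line)]
            external = [h for h in hosts if h not in allowed_hosts]
            # A call with no literal URL builds its target at run time: report it too.
            if external or not hosts:
                findings.append((lineno, call.group(1), external or ["<dynamic>"]))
        depth += line.count("{") - line.count("}")
        if handler_depth is not None and "}" in line and depth <= handler_depth:
            handler_depth = None  # the click handler's closing brace was reached
    return findings

# Constructed sample: what a decompiled banner frame script might look like.
SAMPLE = '''loadMovie("http://cdn.adnetwork.example/logo.swf", logo_mc);
loadVariables("http://stats.invalid/c.php?id=1", this);
banner_btn.onRelease = function () {
    getURL("http://advertiser.example/landing", "_blank");
};
'''

if __name__ == "__main__":
    for lineno, call, hosts in load_time_calls(SAMPLE, {"cdn.adnetwork.example"}):
        print(f"line {lineno}: {call} at load time -> {', '.join(hosts)}")
```

The click-through `getURL` is ignored because it sits inside the click handler, which matches how the banner in this case still behaved normally when clicked.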
