Malicious Ads Hit Amazon, YouTube and Yahoo According to Cisco





In a new blog post, Cisco describes a malvertising network dubbed Kyle and Stan. The network targets Windows and Mac devices alike with the old trick of sneaking malware into advertising. There are only a few big advertising players on the market, so a malicious ad that slips past their security controls will reach thousands, maybe even millions, of potential victims within minutes.

Talos Security Research has uncovered a major network that is doing exactly this. Because of the naming scheme of hundreds of its sub-domains, e.g. “stan.mxp2099.com” and “kyle.mxp2038.com”, they nicknamed the malvertising group Kyle and Stan. There are a lot of variations in the attack, but it always follows the same scheme: when served the malicious advertisement, you are redirected to a different website depending on your system, Windows or Mac, where a malicious file starts to download.


Once the victim is redirected to the final URL, the website automatically starts a download of a unique piece of malware for every user. The file is a bundle of legitimate software, like a media player, and a unique-to-every-user configuration of malware compiled into the downloaded file. The attackers rely purely on social engineering to get the user to install the software package.

No drive-by exploits are being used thus far, but the impressive thing is that we are seeing this technique work not only for Windows, but for Mac operating systems as well.

The first hits date back to the beginning of May, with June and July seeing the most traffic on the 74 sites the malvertising was detected on. The network itself consists of over 700 domains, making it hard for blacklists and other detection tools to pick up on it.
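One way a defender could hunt for this chain in web proxy logs instead of relying on a static blacklist, as an added example that is not from Cisco or the original article. The hostname pattern is an assumption generalized from the two sub-domains quoted above, and the log format, sample lines, installer extensions and 120-second window are constructed for illustration.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Assumption: generalized from the two sub-domains quoted in the article
# ("stan.mxp2099.com", "kyle.mxp2038.com"); the real scheme may vary.
KYLE_STAN = re.compile(r"^(?:kyle|stan)\.mxp\d+\.com$", re.IGNORECASE)
INSTALLER_EXT = (".exe", ".msi", ".dmg", ".pkg")  # Windows and Mac installers
WINDOW = timedelta(seconds=120)                   # assumed correlation window

# Constructed sample proxy log: "<ISO time> <client> <url>"
SAMPLE_LOG = """\
2014-09-08T10:00:01 10.0.0.5 http://news.example/index.html
2014-09-08T10:00:03 10.0.0.5 http://stan.mxp2099.com/r?id=1
2014-09-08T10:00:09 10.0.0.5 http://downloads.example/MediaPlayer_Setup.exe
2014-09-08T10:05:00 10.0.0.7 http://kyle.mxp2038.com/r?id=2
2014-09-08T10:30:00 10.0.0.7 http://vendor.example/tool.dmg
2014-09-08T11:00:00 10.0.0.9 http://kylemxp2038.com.example/a.exe
"""

def parse(line):
    """Split one log line into (time, client, lowercase host, lowercase path)."""
    ts, client, url = line.split(maxsplit=2)
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    return datetime.fromisoformat(ts), client, host, parts.path.lower()

def hunt(log_text):
    """Return (redirect_hits, correlated_downloads).

    redirect_hits: (client, host) for requests to a pattern-matching host.
    correlated_downloads: installer fetches by the same client within WINDOW
    of such a request, i.e. the ad -> redirect -> download chain.
    """
    last_hit = {}  # client -> time of its most recent matching request
    hits, downloads = [], []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        ts, client, host, path = parse(line)
        if KYLE_STAN.match(host):
            last_hit[client] = ts
            hits.append((client, host))
        elif (path.endswith(INSTALLER_EXT) and client in last_hit
              and timedelta(0) <= ts - last_hit[client] <= WINDOW):
            downloads.append((client, host, path))
    return hits, downloads

if __name__ == "__main__":
    hits, downloads = hunt(SAMPLE_LOG)
    print("redirect hits:", hits)
    print("correlated installer downloads:", downloads)
```

The anchored pattern matches the whole hostname, so a look-alike such as `kylemxp2038.com.example` is not flagged, and the time window keeps an unrelated installer download 25 minutes later from being attributed to the redirect.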

The domains confirmed to have served the malicious ads at one point or another during the monitored time include popular sites such as Amazon, Yahoo, Winrar and YouTube.


Thank you Cisco for providing us with this information.

Images courtesy of Cisco and South Park.

