{"id":6627,"date":"2014-10-15T11:26:42","date_gmt":"2014-10-15T15:26:42","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=6627"},"modified":"2014-10-15T11:26:42","modified_gmt":"2014-10-15T15:26:42","slug":"youtube-served-users-malicious-advertisements-trend-micro-says","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2014\/10\/15\/youtube-served-users-malicious-advertisements-trend-micro-says\/","title":{"rendered":"YouTube served users malicious advertisements, Trend Micro says"},"content":{"rendered":"<p style=\"text-align:center;\"><a href=\"http:\/\/www.pcworld.com\/article\/2833972\/youtube-served-malicious-advertisements-trend-micro-says.html\"><img data-recalc-dims=\"1\" src=\"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/10\/youtube-logo-2014-100449570-large.jpg\" alt='' \/><\/a><\/p>\n<p>Malicious advertisements, some of which were displayed on YouTube, redirected more than 113,000 people in the U.S. to harmful websites in just a month, Trend Micro said Tuesday.<\/p>\n<p>Although online advertising companies try to detect and block such ads from being circulated on their networks, bad ones sometimes get through. Such ads can be very productive for hackers. It can mean a large pool of victims if shown on a high-traffic website.<\/p>\n<p>\u201cThis was a worrying development: Not only were malicious ads showing up on YouTube, they were on videos with more than 11 million views\u2014in particular, a music video uploaded by a high-profile record label,\u201d wrote Joseph Chen, a fraud researcher, on Trend Micro\u2019s blog.<\/p>\n<p>Google, which owns YouTube, did not have an immediate comment.<\/p>\n<p>Chen wrote that users viewing the ads were bounced through two servers in the Netherlands before landing on the malicious server, which is located in the U.S.<\/p>\n<p>That server had the Sweet Orange exploit kit installed. Sweet Orange checks if the computer has one of four vulnerabilities affecting Internet Explorer, Java or Adobe Systems\u2019 Flash application.<\/p>\n<p>If the attack is successful, the kit delivers malware from the KOVTER family, which has been used in the past for ransomware, Chen wrote. Those attacks try to extort a victim by either encrypting their files or tricking them into paying a fine.<\/p>\n<p>The KOVTER malware is hosted on a subdomain of a Polish government site that has been hacked, Chen wrote. The attackers had also modified DNS (Domain Name System) information on that site by adding subdomains that led to their own servers, but the method used to accomplish that was unclear, Chen wrote.<\/p>\n<p>via <a href=\"http:\/\/www.pcworld.com\/article\/2833972\/youtube-served-malicious-advertisements-trend-micro-says.html\" target=\"_blank\">YouTube served users malicious advertisements, Trend Micro says | PCWorld<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Malicious advertisements, some of which were displayed on YouTube, redirected more than 113,000 people in the U.S. to harmful websites [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[7,9],"tags":[655,1270],"class_list":["post-6627","post","type-post","status-publish","format-standard","hentry","category-security","category-software","tag-malware","tag-youtube"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-1IT","jetpack-related-posts":[{"id":7570,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/02\/05\/malicious-advertisements-on-major-sites-compromised-many-many-pcs\/","url_meta":{"origin":6627,"position":0},"title":"Malicious advertisements on major sites compromised many, many PCs","author":"NCCT","date":"February 5, 2015","format":false,"excerpt":"Attackers who have slipped malicious advertisements onto major websites over the last month have potentially compromised large numbers of computers. Several security vendors have documented attacks involving malicious advertisements, which automatically redirect victims to other websites or pages that silently attack their computer and install malware. \u201cWe certainly see malvertising\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8465,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/07\/13\/hacking-teams-arsenal-included-at-least-three-unpatched-exploits-for-flash-player\/","url_meta":{"origin":6627,"position":1},"title":"Hacking Team&#8217;s arsenal included at least three unpatched exploits for Flash Player","author":"NCCT","date":"July 13, 2015","format":false,"excerpt":"Recently breached surveillance software maker, Hacking Team, had access to three different exploits for previously unknown vulnerabilities in Flash Player. All of them are now out in the open, putting Internet users at risk. Milan-based Hacking Team develops and sells surveillance software to government agencies from around the world. On\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5724,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/06\/12\/its-official-malicious-hackers-have-crappy-password-hygiene-too\/","url_meta":{"origin":6627,"position":2},"title":"It\u2019s official: Malicious hackers have crappy password hygiene, too","author":"NCCT","date":"June 12, 2014","format":false,"excerpt":"Given the amount of time malicious hackers spend bypassing other people's security, you might think that they pay close attention to locking down their own digital fortresses. It turns out that many of them don't, according to a recent blog post documenting some of their sloppiest password hygiene. The post\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/06\/sewer-640x480.jpg?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/06\/sewer-640x480.jpg?resize=350%2C200 1x, https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/06\/sewer-640x480.jpg?resize=525%2C300 1.5x"},"classes":[]},{"id":6401,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/09\/10\/comcast-wi-fi-serving-self-promotional-ads-via-javascript-injection\/","url_meta":{"origin":6627,"position":3},"title":"Comcast Wi-Fi serving self-promotional ads via JavaScript injection","author":"NCCT","date":"September 10, 2014","format":false,"excerpt":"Comcast has begun serving Comcast ads to devices connected to one of its 3.5 million publicly accessible Wi-Fi hotspots across the US. Comcast's decision to inject data into websites raises security concerns and arguably cuts to the core of the ongoing net neutrality debate. A Comcast spokesman told Ars the\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/09\/javascreener-640x74.png?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/09\/javascreener-640x74.png?resize=350%2C200 1x, https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/09\/javascreener-640x74.png?resize=525%2C300 1.5x"},"classes":[]},{"id":3106,"url":"https:\/\/nccomputertech.com\/techtalk\/2013\/08\/05\/attackers-reported-seeding-cloud-services-with-malware\/","url_meta":{"origin":6627,"position":4},"title":"Attackers reported seeding cloud services with malware","author":"NCCT","date":"August 5, 2013","format":false,"excerpt":"LAS VEGAS -- Malware writers are ramping up their use of commercial file hosting sites and cloud services to distribute malware programs, security researchers said at this week's Black Hat conference here. Traditionally, malware writers had distributed their malicious code from their own sites. But as security vendors get better\u2026","rel":"","context":"In &quot;Networking&quot;","block_context":{"text":"Networking","link":"https:\/\/nccomputertech.com\/techtalk\/category\/networking\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3197,"url":"https:\/\/nccomputertech.com\/techtalk\/2013\/08\/19\/malware-hijacks-mobile-ad-networks-to-siphon-money\/","url_meta":{"origin":6627,"position":5},"title":"Malware hijacks mobile ad networks to siphon money","author":"NCCT","date":"August 19, 2013","format":false,"excerpt":"Asian cybercriminals have figured out an unusual way to use the architecture of a mobile ad network to siphon money from their victims. The new method represents another step in the evolution of mobile malware, which is booming with more smartphones shipping than PCs. Mobile ad networks open up the\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/6627","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=6627"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/6627\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=6627"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=6627"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=6627"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}