Kovter Group malvertising campaign exposes millions to potential ad fraud malware infections

  • October 8, 2017

Jasper_The_Rasper
Moderator
October 06, 2017  Kafeine and Proofpoint Staff 

 
Overview
 
Proofpoint researchers recently detected a large-scale malvertising attack by the so-called KovCoreG group, best known for distributing Kovter ad fraud malware and sitting atop the affiliate model that distributes Kovter more widely. This attack chain exposed millions of potential victims in the US, Canada, the UK, and Australia, leveraging slight variations on a fake browser update scheme that worked on all three major Windows web browsers. The attack has been active for more than a year and is ongoing elsewhere, but this particular infection pathway was shut down when the site operator and ad network were notified of the activity.
 
Full Article.

2 replies

Hats off to the site operator for shutting down this exploit.

  • Community Guide
  • October 10, 2017

Smut-watchers suckered by evil advertising

'Millions' of Pr0rnHüb visitors offered fake browser updates

By Richard Chirgwin 10 Oct 2017 at 01:28  Security

Security bods have closed off a malvertising campaign targeting an ad network spread through an ad network that targeted smut site P0rnHub.
The attacks exposed “millions of potential victims in the US, Canada, the UK, and Australia”, said the Proofpoint researchers who discovered the attack.
Proofpoint said the campaign was waged by the KovCoreG group (distributor of the Kovter malware) for more than a year.
Kovter isn't new: it turned up in poisoned ad campaigns in 2015, and again earlier in 2017.
In the most recent campaign, Proofpoint said the campaign hooked users through fake Chrome/Firefox/IE browser updates (and a fake Flash update for good measure), and the attack was active for more than a year until the ad network, Traffic Junky, and the smut site lowered the boom.
 
full article here: