A site for classified advertising popular in the UK, Australia and South Africa called Gumtree was hit with a malvertising attack, according to Malwarebytes Labs.According to Malwarebytes researchers, miscreants penetrated the network of an Australian legal firm and put up a phony version of its site that appeared legitimate, but actually contained a fraudulent subdomain off its main server. Gumtree, a subsidiary of eBay, receives 48 million monthly visits.The criminals cut and pasted the firm's logo and some text from the legitimate site and fashioned what appeared to be a typical ad banner. They then contacted ad networks to inquire about advertising. Anyone clicking on the bogus, malvertising-laden ad would be vulnerable to receiving the Angler exploit kit, which typically injects different payloads, including ransomware or banking trojans.Researchers detected a fingerprinting approach – that had been observed previously – capable of avoiding security tools or network packet captures.
Incident Response, Malware, Network Security, TDR
Malvertising hits eBay subsidiary
An In-Depth Guide to Network Security
Get essential knowledge and practical strategies to fortify your network security.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



