Could Your Anti-Ad Software be Harmful?

Unfortunately there are no bounds where hackers are concerned. A recent attack left more than 500 websites and their visitors exposed to harmful malware, after an ad-blocking company was infiltrated for just 90 minutes.

The company – PageFair – provides publishers with a free analytics service. It was this service that found itself heavily compromised by hackers, who succeeded in getting malicious JavaScript to execute on websites using the analytics.

It all began with a spear phishing email that gave hackers access to PageFair’s content distribution network account. The attackers then reset the password and replaced the JavaScript code with their own malicious one. The malware was then dealt out via a popup window on all the sites, telling users that their version of Adobe Flash was out of date and urging them to install malware disguised as an official update.

In the attacks that were successful, a remote access tool called Nanocore was installed on the victims’ devices. Nanocore is a full-featured piece of malware that is capable of logging passwords, taking webcam snapshots and regularly reporting to a server under the control of attackers.

Fortunately, the malware was detected by F-Secure as well as other anti-virus software packages. It is also reported that a large percentage of connections to the attacker servers failed. Because Nanocore only runs on Windows, anyone visiting the sites on machines with different servers was immune to the attack.

Understandably, PageFair was mortified at their show of vulnerability and its potential impact on clients and users alike. The fact that the whole campaign began with a spear phishing email shows that all it takes is one person to make a simple mistake, which can then lead to all kinds of consequences.