Security researchers are warning the general public that Yahoo, YouTube and Amazon, among others, are serving up malicious ads, known as ‘malvertising’, to Windows and Mac users through a newly discovered malvertising network.
When users visit a website carrying the malicious ads, they are apparently redirected to another site chosen according to the machine they are using, Windows or Mac.
The final page automatically starts downloading malware.
“The file is a bundle of legitimate software, like a media-player, and compiles malware and a unique-to-every-user configuration into the downloaded file,” the researchers wrote.
“The attackers are purely relying on social engineering techniques, in order to get the user to install the software package. No drive-by exploits are being used thus far. The impressive thing is that we are seeing this technique not only work for Windows, but for Mac operating systems alike.”
Cisco said that the whole network could be automated, which means the malvertisers have potentially registered huge numbers of domains. So far the firm has noted 9,541 connections to malicious domains.
Infiltrating popular domains such as amazon.com, ads.yahoo.com, www.winrar.com and youtube.com has given the attackers the chance of infecting potentially millions of users.
So far, spyware, adware and browser hijackers have been detected, although the cybercriminal gang behind the network may also have other malware up its sleeve, Cisco said.
“The large number of domains allows the attackers to use a certain domain just for a very short time, burn it and move on to use another one for future attacks. This helps avoid reputation- and blacklist-based security solutions.”