June 2, 2015

Cybercriminals use Flash to gain easy access to millions of consumers in 2015, says Malwarebytes

Cybercriminals can pay less than 80 cents to expose 1,000 consumers to infected ads

FROM MALWAREBYTES HEADQUARTERS IN SAN JOSE, CA: June 2, 2015 – New research from advanced endpoint security firm, Malwarebytes, has found that malvertising is one of the primary infection vectors used to reach millions of consumers this year.

The analysis looked at the three large scale zero-day attacks affecting Flash Player. Analysis of one particular zero-day attack instigated using the HanJuan Exploit Kit showed that cybercriminals paid an average of $74 for every 1,000 infected advert impressions on major websites at highly trafficked times of day. This amount could even drop as low as $6 per infected ad impression on lesser-known websites and during quieter times of day.

Malicious adverts placed on popular websites including The Huffington Post, Answers.com and Daily Motion, which all boast monthly unique users in the millions, are responsible for exposing vast numbers of consumers to zero-day attacks. Even consumers and businesses running the latest versions of Internet Explorer, Firefox and Flash Player are susceptible to becoming immediately infected when exposed to this type of threat, which makes it particularly lucrative for the criminal community. Further, with one zero-day remaining active for almost two months of the analysis period, there is scope for exploits to have especially wide-reaching effects.

The nefarious use of the online ad industry is facilitated by real-time bidding as this allows advertisers to bid in real-time for specific targets and weed out non-genuine users or those that should not be targeted by exploits.

Jerome Segura, senior security researcher, Malwarebytes, said, “Exploit kit authors leverage the most popular software vulnerabilities to build the most effective tools they can and in the past year, we have seen new vulnerabilities being found and weaponised at a much faster rate. This is a game changer because there is a lack of awareness on zero-day threats and most businesses and consumers aren’t properly equipped to deal with them. While one could have foreseen Flash zero-days increasing in frequency in 2015, witnessing three major zero-days happening so close to one another is unique. To face this new reality, businesses and consumers must adapt by adopting new tools to safeguard their assets.”

Malwarebytes will be attending Infosecurity Europe from 2nd to 4th June 2015. The company will be exhibiting on stand E185.


Notes to editors

Details on the three large-scale zero-day attacks analysed are:

CVE ID CVE-2015-0310 CVE-2015-0311 CVE-2015-0313
Flash Player version Flash Flash Flash
Exploit Kit Angler EK Angler EK HanJuan EK
Date discovered 01/16/15 01/21/15 02/02/15
In the wild since* 01/16/15 01/21/15 12/10/14
Discovered by Kafeine Kafeine TrendMicro
Patched 01/22/15 01/24/15 02/05/15

* This is an estimate based on the data available

More information on Malwarebytes research can be found at: www.malwarebytes.org/threezerodays/

An infographic on malvertising is also available at: www.malwarebytes.org/whatismalvertising/


About Malwarebytes

Malwarebytes provides software designed to protect consumers and businesses against malicious threats that consistently escape detection by other antivirus solutions. Malwarebytes Anti-Malware Pro, the company’s flagship product, employs a highly advanced behavior-based detection engine that has removed more than 5 billion malicious threats from computers worldwide. Founded in 2008, the self-funded company is headquartered in California, operates offices in Europe, and employs a global team of researchers and experts. For more information, please visit us at www.malwarebytes.org.

Cybersecurity info you can't do without

Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.