Cisco's Talos Group Shuts Down Malvertising Campaign

Global online campaign exploits ads with Neutrino Exploit Kit to transfer ransomware to victims' computers, reports Threatpost.

Dark Reading Staff, Dark Reading

September 2, 2016

1 Min Read
Dark Reading logo in a gray background | Dark Reading

Cisco System’s threat research group has detected and deactivated a global malvertising campaign which exposed visitors on legitimate sites to the malicious code Neutrino Exploit Kit, says Threatpost. Talos Security Intelligence and Research Group took two weeks beginning on August to work with GoDaddy and shut down the malicious server in Russia, which hosted the exploit kit.

According to Talos, criminals used “gates” to display ads stolen from other websites and redirected visitors to the exploit kit. Cisco researcher Nick Biasini said that in those two weeks about 1,000 of one million visitors may have been exposed to Neutrino EK, which then tried to transfer the CrypMIC ransomware to their computers.

Biasini emphasized the seriousness of malvertising campaigns noting that as more content continues to move online the primary revenue source for web sites is online ads. "Cybercriminals know this and are increasingly turning away from other more typical ways of pointing traffic to exploit kits and are now looking to malvertising,” he said.

For details of how the EK worked, click here.  

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights