However, advertisers are not the only ones cashing in. Unbeknownst to fans, criminals planted malware in an advertisement on the popular sports-focused Brazilian website lancenet.com.br. If fans run a vulnerable version of Adobe Flash, simply visiting the site could let the ad plant malware on their machines, giving criminals full access to their valuable information. This attack also goes beyond Brazil: while the World Cup games will take place in Brazil, the websites affected by malvertisement campaigns can be in any region. Given the global attention surrounding this event, these kinds of malvertisement campaigns can be very successful anywhere.
Our researchers discovered this latest malvertisement campaign when we saw it being blocked by our Trustwave Secure Web Gateway. The antimalware technology is designed to detect and filter out malware in real time to help protect users from blended threats, data loss and zero-day vulnerabilities, and to help them use the Web and cloud applications securely.
In light of the upcoming World Cup 2014, many fans may visit lancenet.com.br, which is why we want to get the word out. We have contacted the site owner, who said the issue has been resolved. However, this discovery is a good reminder to World Cup fans and all internet users that best security practices must be at the forefront of their minds when browsing the Web and checking emails.
Malvertisement attacks can be highly deceptive. They can be launched and used on websites that are legitimate and there’s usually no visual evidence that the site contains a malicious advertisement. For example, one malvertisement attack that happened earlier this year using a popular advertisement service showed banners with photos of cars – nothing appeared out of the ordinary.
Malvertisement attacks can also deceive website administrators. Many websites show content that comes from advertising networks, so the website administrators do not control that content. Even if administrators scan the advertisement that is first posted on their website and determine that it is clean, later versions of the ad can be malicious. Moreover, the malicious ad can be displayed next to legitimate ads, making it more elusive. In the lancenet.com.br case, the third-party advertising network was also loading live content from another third-party ad service, making the website administrator even more removed from the content being posted.
Too often, website administrators inherently trust a certain ad network and assume that the network fetches content only from other trusted ad networks and providers, an assumption that may be false. Identifying that a banner is malicious is complicated because the malicious scripts may be well hidden in the SWF file (the format that delivers vector graphics, text, video, and sound over the Internet and is supported by Adobe® Flash® Player software), may be loaded from another file, and can also be obfuscated.
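
The following Python example, added here and not part of the original post, audits a page's request log for ad content arriving from hosts the administrator never approved, which is the nested delivery chain described above. The record format (`url`, `initiator`), the `.example` hostnames and the allowlist are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample: each record is a fetched URL plus the URL of the resource
# that triggered the load (assumed format, reducible from a browser capture).
SAMPLE_REQUESTS = [
    {"url": "https://news.example/index.html", "initiator": None},
    {"url": "https://static.news.example/site.js",
     "initiator": "https://news.example/index.html"},
    {"url": "https://ads.network-a.example/tag.js",
     "initiator": "https://news.example/index.html"},
    {"url": "https://cdn.network-b.example/serve.js",
     "initiator": "https://ads.network-a.example/tag.js"},
    {"url": "https://media.network-b.example/banner.swf",
     "initiator": "https://cdn.network-b.example/serve.js"},
]
# Hypothetical allowlist: the site itself and the one ad network it contracted.
APPROVED = ["news.example", "network-a.example"]

def host(url):
    return urlsplit(url).hostname or ""

def approved(h, allowlist):
    return any(h == d or h.endswith("." + d) for d in allowlist)

def host_chain(url, parent_of):
    """Walk initiators back to the page; return hosts ordered page -> resource."""
    chain, seen = [], set()
    while url and url not in seen:      # 'seen' guards against initiator loops
        seen.add(url)
        if not chain or chain[-1] != host(url):
            chain.append(host(url))
        url = parent_of.get(url)
    return chain[::-1]

def audit(requests, allowlist):
    """Report every resource served from a host the administrator never approved."""
    parent_of = {r["url"]: r["initiator"] for r in requests}
    findings = []
    for r in requests:
        if approved(host(r["url"]), allowlist):
            continue
        chain = host_chain(r["url"], parent_of)
        findings.append({
            "url": r["url"],
            "chain": chain,                      # who pulled in whom
            "hops_from_page": len(chain) - 1,    # distance from the site's own page
            "is_swf": urlsplit(r["url"]).path.lower().endswith(".swf"),
        })
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_REQUESTS, APPROVED):
        print(f["hops_from_page"], " -> ".join(f["chain"]), f["url"])
```

Run against the sample, the approved network's own tag passes, while the script and SWF banner it pulls in from the second, unapproved network are reported together with the chain that delivered them.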