by herodotus on 1/28/18, 6:00 PM
This article helped me understand the junk/spoofing emails I get. Emails that say things like "You have 2 messages from Fedex" etc. When I looked into them a while ago, the simple JavaScript redirect was easy to figure out (they all concatenate numbers from an array onto a string and redirect to a string). The redirect is always to a PHP file, often embedded using bad WordPress installs. The PHP then does more redirects. At first, I was able to get to the redirect, but lately my crude manual attempt fails as explained by the article: the redirect code goes to pains to filter out "researchers" from genuine spam targets.
I think there are two classes of victims, though. Ordinary users like me are the obvious ones, but I think that the many shady businesses that are presumably paying these malvertising agencies are unlikely to be getting much value for their bucks. Too bad the article doesn't have any information on the revenue return of a malvertising campaign.
by Arbalest on 1/29/18, 3:01 AM
>These criminals are hijacking programmatic advertising and giving publishers a bad name.
>Our sole focus is on helping advertising platforms and publishers rid the world of malware.
Getting rid of malware is good, but giving web advertising a bad name also sounds good. Advertising/Propaganda or whatever all act to try and manipulate people's behaviour. The term 'Mind Virus' comes to mind.
by sekh60 on 1/29/18, 2:56 AM
I am amazed at how structured the operation was. Is there any estimate as to how profitable a campaign on this scale (or any scale for that matter, I do not know where money enters into the equation)?
by jimrandomh on 1/28/18, 7:30 PM
Fig. 11 of this analysis links the operation to an address in Kiev. Given the level of sophistication described, it seems likely that this was done by (or at least with the support of) an intelligence agency; I would bet on this having been a project of the FSB.