Malvertising - Kyle & Stan

[ѠOOT]

Bonjour,

J'ai lu plusieurs remarques sur malvertising sur Ebay, DeviantArt, YouTube, Amazon, Yahoo, Google ... sur le forum de Malekal, il s'agit de Kyle & Stan.

The "Kyle & Stan" network is a highly sophisticated Malvertising Network. It leverages the enormous reach of well placed malicious advertisements on very well known websites in order to potentially reach millions of users. The goal is to infect Windows & Mac users alike with spyware, adware, and browser hijackers.

→ Threat Spotlight: "Kyle & Stan" Malvertising Network 9 Times Larger Than Expected ( September 22, 2014 )


The malware droppers employ clever techniques and encryption to ensure unique checksums to avoid detection.

Ce qui explique que certaines personnes avec antivirus à jour se font tout de même infecter.

The large number of domains allows the attackers to use a certain domain just for a very short time, burn it and move on to use another one for future attacks. This helps avoiding reputation and blacklist based security solutions.

Ce qui explique en partie les réactions concernant les solutions de blacklisting.

→ 1836 Kyle & Stan subdomains
→ 1895 mxp & lpmxp + other connected domains
→ 2760 fake download websites

Depuis, il y a eu des centaines de nouveaux faux sites.

All in all we are facing a very robust and well-engineered malware delivery network that won’t be taken down until the minds behind this are identified.

(ps: Pas beaucoup de temps pour compléter, j'éditerai plus tard pour ajouter des infos )