Malicious images hidden in plain sight



Cyber-criminals are making use of banner adverts on well-known websites to launch malware attacks.

As technology advances, so does cyber-crime, and hackers are getting far more creative in the ways they attack and infect.

Millions of internet users who visited well-known websites have been targeted by malware attacks as malicious adverts are redirecting their servers to an exploit kit.

Adverts promoting “Browser Defence” and “Broxu” on banners on the webpage are stored on a remote domain with a URL starting hxxps://.

These malicious adverts attack victims without requiring any user interaction. The script reports information about the victim’s machine to the attacker’s remote server, which reviews it and serves up either a clean image or a malicious one.

You would barely notice the difference between the clean and malicious images, as the script is encoded in the image’s alpha channel, which affects the colour of pixels, so the final colour tone is ever so slightly different.
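As an added illustration from the defender's side (not ESET's code and not part of the original post), the sketch below reads the alpha channel of a PNG banner and flags the pattern described above: an image that is nearly opaque everywhere yet carries many different alpha levels. The thresholds `floor` and `min_distinct`, the function names and the three sample images are assumptions constructed for this example.

```python
import struct, zlib
SIG = b"\x89PNG\r\n\x1a\n"

def alpha_values(png):
    """Return the alpha byte of every pixel of an 8-bit RGBA, non-interlaced PNG."""
    if png[:8] != SIG:
        raise ValueError("not a PNG")
    pos, idat, hdr = 8, b"", None
    while pos + 8 <= len(png):
        length, kind = struct.unpack(">I4s", png[pos:pos + 8])
        data = png[pos + 8:pos + 8 + length]
        if kind == b"IHDR":
            hdr = struct.unpack(">IIBBBBB", data)
        elif kind == b"IDAT":
            idat += data
        pos += 12 + length  # length field + type + data + CRC
    if hdr is None or hdr[2:4] != (8, 6) or hdr[6] != 0:
        return []  # no 8-bit alpha channel to inspect
    raw, stride = zlib.decompress(idat), hdr[0] * 4
    prev, alphas = bytearray(stride), []
    for y in range(hdr[1]):
        start = y * (stride + 1)
        ftype, line = raw[start], bytearray(raw[start + 1:start + 1 + stride])
        for i in range(stride):  # undo PNG row filters 1-4 (0 = none)
            a, b, c = (line[i - 4], prev[i], prev[i - 4]) if i >= 4 else (0, prev[i], 0)
            pa, pb, pc = abs(b - c), abs(a - c), abs(a + b - 2 * c)
            paeth = a if pa <= pb and pa <= pc else b if pb <= pc else c
            line[i] = (line[i] + (0, a, b, (a + b) // 2, paeth)[ftype]) & 255
        alphas.extend(line[3::4])  # every 4th byte of an RGBA row is alpha
        prev = line
    return alphas

def alpha_looks_suspicious(png, floor=224, min_distinct=8):
    """Heuristic with assumed thresholds: near-opaque everywhere, yet many alpha levels."""
    a = alpha_values(png)
    return bool(a) and min(a) >= floor and len(set(a)) >= min_distinct

def chunk(kind, data):
    return struct.pack(">I", len(data)) + kind + data + struct.pack(">I", zlib.crc32(kind + data))

def make_png(size, alpha_at):  # constructed sample: red RGBA square, alpha from alpha_at(x, y)
    rows = b"".join(b"\x00" + b"".join(bytes((200, 30, 30, alpha_at(x, y)))
                    for x in range(size)) for y in range(size))
    ihdr = struct.pack(">IIBBBBB", size, size, 8, 6, 0, 0, 0)
    return SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", zlib.compress(rows)) + chunk(b"IEND", b"")

OPAQUE = make_png(16, lambda x, y: 255)                         # ordinary opaque banner
SOFT_EDGE = make_png(16, lambda x, y: x * 17)                   # legitimate fade to transparent
NOISY = make_png(16, lambda x, y: 240 + (x * 7 + y * 13) % 16)  # near-opaque but varying
```

A hit from this heuristic is a reason to look closer at where the image came from, not proof of malice, since some image tools also leave small alpha variations behind.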

Mark James, ESET IT Security Specialist, discusses what this type of malicious activity shows us about how cyber criminals may be operating.

“This type of malicious activity shows clearly how cyber-criminals are adapting their means to distribute and infect as many as possible through the platforms that work.

“There is a misconception that you have to visit ‘dodgy’ websites to get infected, but cyber-criminals are not stupid.

“Why infect somewhere with a relatively small footfall when you can infect a website with infinitely more visitors thinking they are safe because they trust the name of the vendor?

“Some users still believe you actually have to click a link or run a file to actually start the infection process, and what’s worse is in most cases the actual owner of the website is totally unaware they have a problem.

“Making sure you have a good, regularly updating internet security product installed, along with keeping your operating system and applications patched and updated, is a must these days.

“A lot of websites use adverts to help fund the free content we want, and using things like ad blockers can have an adverse effect on this revenue stream, but is a means of defence that could stop this attack.”
