[WARNING] Malvertising Campaign Finds a Way Around Ad Blockers

Porthos

https://www.bleepingcomputer.com/news/security/malvertising-campaign-finds-a-way-around-ad-blockers/

Ad blockers, our last hope against the onslaught of malvertising campaigns, appear to have fallen, as today, Malwarebytes published new research detailing a malvertising campaign that successfully bypasses ad blockers to deliver their malicious payload.

This malvertising campaign is named RoughTed based on the initial malicious domain at which it was found back in March 2017, but Jérôme Segura, the Malwarebytes security researcher who came across it, says there are clues to show that RoughTed has been active for over a year.

The campaign is very complex and well designed (from a crook's standpoint), as it leverages multiple tricks of the trade, most of which have allowed it to grow undetected in the shadows for so much time.

The word that describes RoughTed the best is "diversity." The operators of this malvertising campaign not only feature traffic from different types of sources, but also include different user fingerprinting techniques, and very different malicious payloads.
I read somewhere (and I cannot find the source for the life of me!) that uBlock Matrix defeated their attempts to bypass?
uBlock Origin, if set up correctly, also defeated it.
Still searching for the article... now, was it Brian Krebs?...
So it looks as if uBO and uBM both block RoughTed fingerprinting.
But just to be certain, add these lines to your hosts file. Text file attached.
Oh, and disable "Non Proxied UDP (WebRTC)" in your browser!

Check if your browser is "leaking" here