Malvertising is one of the most profitable businesses in the cyber hacking industry. Exploiting website inventory is highly beneficial for cyber criminals as it is then sold to redirect traffic to gambling, adult, pharma and similar kinds of websites. Needless to say, that its damage to both publishing websites and advertising network reputation is huge. Ideally, Web Admins are the ones responsible for checking the Ads that their site is showing. However, doing this manually is not feasible. That’s why proper web security monitoring tools should be in place to detect and avoid website exploitation and compromising by malware in real-time and automatic mode. ThreatSign - Website Antimalware customers add their websites to monitoring to track and detect malvertising activity in order to implement remediation on time. Once such suspicious content is detected, ThreatSign client is getting informed through emailed scan report and in user dashboard allowing to spot and remove malicious ads from the circulation. This post is based on recent example from customer website that was compromised by malware and cleaned up by Quttera malware experts.

We will start our analysis with the injector:

This file injects a redirection code and appends in to the end of the file: $dir.“/../wp-includes/js/jquery/jquery.js”

After the successful injection, the modified file looked like:

Notice the redirection at the bottom of the page. This means that every time the file has been used/called, the connection has been made to the URL hosting the JavaScript file.

We have downloaded the JavaScript file to analyze it:

Basically, what the code does, is it tracks and saves your browsing behavior in a cookie and uses it to channel ads based on the visitor interest. As for the domain 51[.]la, this domain has been compromised many times by malware authors to propagate their malware causing massive infections to the visitors.

Here at Quttera, we constantly monitor sites ²⁴⁄₇ and educate all Website Administrators to perform thorough checkups with the ads that their site is serving to keep the internet safe. If you suspect or know that your website suffers from malvertising, Quttera experts are always happy to clean it up for you. Select the best plan that fits your business and enjoy safe ads space - Malware Monitoring & Cleanup Plans For Websites