Malvertising operation shut down after long-running campaign

A malvertising campaign that ran for months and affected millions of computers has been stopped, according to security researchers at Proofpoint.



The operation, dubbed AdGholas by Proofpoint, had been running since October 2015 and had targeted as many as one million machines per day. It was suspended on July 20 following action from the advertising industry.

The perpetrators had been targeting machines which met specific requirements, such as those operating in certain geographical locations.



Once one of these machines opened an advert, code hidden inside the featured images directed victims to servers hosting exploit kits. The exploit kits would then exploit vulnerabilities in common applications. Proofpoint estimates that 10–20% of machines targeted were redirected to these kits.

The report said that this was the first example of steganography – the practice of hiding code in images – being used as part of a malware campaign.

Proofpoint said: “Although recent changes in the exploit kit landscape suggest a contraction in the drive-by malware scene, the example of AdGholas shows that it would be a mistake to assume this threat is diminishing.

“Instead, AdGholas demonstrates that malvertising campaigns continue to evolve and adopt increasingly sophisticated techniques that enable them to remain stealthy and effective even in the face of the latest defensive advances.”