Fraudsters Using Expired Domains to Serve Malicious Ads

Cyber criminals are using expired domain names to launch malicious ad campaigns that aim to place viruses, trojans and other malware on unsuspecting users' computers, exposing visitors to high-profile websites to huge risks.

The campaign was launched this week after criminals gained ownership of an expired web domain which formerly belonged to an advertising company. The fraudsters then used the domain to place malware-riddled ads on websites including the New York Times, the BBC, AOL and Newsweek.

Bresntsmedia.com, the website used by the hackers, expired on 1 January and was registered again on 6 March. Gaining access to the domain of a small but legitimate ad company provided the cyber criminals with high-quality traffic from popular websites that either publish its ads directly or act as affiliates of other ad networks.

The campaign was discovered by security research firm Trustwave SpiderLabs, which informed the affected websites. According to the company, the same fraudsters also purchased two more expired domains, envangmedia.com and markets.shangjiamedia.com, and may be monitoring the web for other expiring domains with the word “media” in them.
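A publisher or ad network can catch this kind of handover by comparing each allow-listed partner domain's registration dates with the date it was first trusted. The sketch below is an added example, not code from Trustwave SpiderLabs or the affected sites; the domains, dates and the `audit` function are constructed for illustration, and the registration data stands in for values parsed from WHOIS or RDAP.

```python
from datetime import date, timedelta

# Constructed sample data: hypothetical ad-partner domains, not real ones.
# Value = date the domain was added to our ad/script allow-list.
ALLOWLIST = {
    "partner-media.example": date(2014, 5, 12),
    "steady-ads.example": date(2013, 2, 1),
    "lapsing-media.example": date(2012, 9, 30),
}

# Constructed registration data as it might be parsed from WHOIS/RDAP:
# (creation date, expiry date). The first entry mirrors the article's
# timeline of a lapse followed by re-registration on 6 March (year assumed).
REGISTRATION = {
    "partner-media.example": (date(2016, 3, 6), date(2017, 3, 6)),
    "steady-ads.example": (date(2009, 7, 19), date(2019, 7, 19)),
    "lapsing-media.example": (date(2008, 4, 2), date(2016, 4, 2)),
}

def audit(allowlist, registration, today, warn_days=30):
    """Return {domain: finding} for trusted domains that changed hands or may soon."""
    findings = {}
    for domain, first_trusted in allowlist.items():
        record = registration.get(domain)
        if record is None:
            findings[domain] = "no-registration-data"
            continue
        created, expires = record
        if created > first_trusted:
            # Created after we trusted it: the name was dropped and re-registered.
            findings[domain] = "re-registered-after-trust"
        elif expires < today:
            findings[domain] = "expired"
        elif expires - today <= timedelta(days=warn_days):
            findings[domain] = "expiring-soon"
    return findings

if __name__ == "__main__":
    for domain, finding in audit(ALLOWLIST, REGISTRATION, date(2016, 3, 15)).items():
        print(f"{domain}: {finding}")
```

A domain flagged `re-registered-after-trust` should be pulled from the allow-list until the new registrant is verified; `expiring-soon` is the cue to contact the partner before the name lapses.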

“Whether or not this will turn into a new trend, it’s certainly an interesting development in the world of malvertising, once again reminding us how difficult it is for both end-users and ad networks to deal with this threat,” said a spokesperson for Trustwave SpiderLabs.

“It’s important to note that while these popular sites are involved in the infection process they are, much like infected clients, victims of malvertising. The only crime here is being popular and having high volumes of traffic going through their sites daily.”