Hi Lisandro,
When it goes into a blog article warn about the nature of the adxpansion threat e.g. explicit adult content.
This is not suitable info for minors!
Besides this has been all over the news at MBAM forum and other places,
so what would be the additional avast blog content value?
But here then is the story in a nutshell and understandable for a greater user base.
It all comes down to cybercriminal fraudulent adxpansion abuse.
Read here:
https://www.mywot.com/en/scorecard/adxpansion.com?utm_source=addon&utm_content=popupThis is classified as a 34% high risk site. The malicious manipulation of the ads is not done by the parties that buy ads, but by third parties that manipulate.
We see high risk vulnerabilities here. It is a known Flash ad/exploit attack scheme as this technique simply relies on a disguised Flash advert that downloads its own exploit and payload. The traffic for ads it seeks to malcreate runs in the millions of clicks... So disabling or uninstall Flash or enable it on demand only could help protect.
Like DirectRev Malvertising this Uses Self Sufficient Flash 0Day.
The ad is booby-trapped such that it silently loads an external URL
and that is not a direct no-no in unethical ad-serving for the adlaunching industry, so can be abused easily.
See observed sub-domains:
https://www.virustotal.com/nl/domain/adxpansion.com/information/This site for instance that was used in the hack was earlier hacked and compromised, so found to be vulnerable
-malenkiyprince dot ru
re: -http://malenkiyprince.otel-v-krimu.ru/aan.txt
The Flash exploit used was described here:
http://malware.dontneedcoffee.com/2015/10/cve-2015-7645.htmlHere it was not detected and this should be so under normal instances:
http://www.stwhisper.com/www.malenkiyprince.ruMore on this malcode issue here:
http://avpclub.alone.tw/discuz/redirect.php?tid=53748&goto=lastpostSo now you see how devious this is and why an adult user should never go on to the Internet without a decent adblocker and an good script blocker,
polonus (volunteer website security analyst and website error-hunter)
