The media content page of Telstra has been infected with malvertising malware.
The malware links the website to a malicious exploit kit. Malvertising is simply a type of malware that is incorporated in an online advert.
On the Telstra website, an advert for a Lamborghini Gallardo for sale pops up. When a person clicks on this ad, they are redirected to a different site where a Nuclear exploit kit payload is lurking. It is upon landing on this other page that the internet user unknowingly walks into a banking Trojan.
Security researcher Jerome Segura of Malwarebytes discovered and reported this malware. According to him, it closely resembles the malware that attacked the PlentyOfFish dating site some time back. This malware seems to have been designed to target the Telstra-based ads rather than the website itself.
There is every indication that this Nuclear exploit kit is off-the-shelf hacking software. The malware has tools that exploit all vulnerabilities in a browser's runtime environment. It also attacks the main software that runs on a given website.
People tend to trust established media houses that have a national or international appeal. In a way, this removes some culpability from Telstra, which was not directly targeted with the malware. Such incidents are becoming increasingly common, but the liability of the host website bearing such malicious content is all but overlooked.
Website publishers should ensure that they implement strict controls and employ threat detection policies that will enable their websites to defend themselves and thereby mitigate future attacks. Jas Singh, CTO at Medelinked, adds that this should start with URL filtering as well as web reputation security checks.
According to Singh, it is when the user-requested content on a website passes a URL filtering test that real-time malware gets detected in a timely manner.