Researchers discover malware advertising that’s infected 1.3M people and growing

Researchers have discovered a new and improved exploit kit that hackers are using to serve up infectious ads.

Hackers are buying up ads on real-time bidding platforms and embedding them with RIG 3.0, a service that determines whether a person’s computer is vulnerable and then exports a trojan virus. Those with vulnerable computers don’t need to click on the malicious ad for the trojan to download, meaning that most people won’t know they’re being infected until it’s too late.

Because most programmatic ad platforms don’t have robust technology for distinguishing between hackers and advertisers, it’s fairly easy for the former to pose as a legitimate business and buy up ads. In addition to ads, RIG 3.0 can also be integrated into a compromised website.

What’s so scary about this exploit is that these malicious ads can show up anywhere that programmatic ads are placed — such as your favorite media sites.

Over a six-week period, security firm Trustwave saw RIG 3.0-related malvertising served to 3.5 million people, of which 1.5 million were infected. The attack is being deployed globally, though the most affected countries appear to be Brazil and Vietnam. So far nearly 46,000 people in the U.S. have been infected, and Trustwave expects these numbers to increase.

This is just the latest malware to come in the form of advertising.

The RIG service has been around for a while — this is just its latest version (hence the “3.0”). But it’s much improved from its predecessors. For instance, RIG 3.0 encrypts trojans in a way that makes it harder for antivirus software to detect.

Trustwave said that though this kind of attack is prolific, there are ways to stop it. Here are three suggestions for staying uninfected:

1. Update your computer software, including Flash, Java, and Silverlight. This goes double for your browser and related plugins. Also, keep Microsoft Office up to date. In fact, just enable automatic updates.
2. Make sure click-to-play is enabled in your browser. With click-to-play enabled, infectious ads won’t be able to automatically download malware onto your computer. You’ll have to click on them.
3. Install an anti-malware security solution.