michelangelus - Fotolia

How does the Terror exploit kit spread through malicious ads

Zscaler recently discovered a malvertising campaign that spreads the Terror exploit kit through malicious ads. Discover more about the threat with expert Nick Lewis.

Cloud security vendor Zscaler Inc. found that a malvertising campaign has been spreading the Terror exploit kit....

What is Terror, and how do malicious ads spread it?

Malvertising campaigns continue to be effective as they enable an attacker to use a legitimate website to deliver malware to users. Malvertising campaigns can be particularly dangerous because the ads and potential malware downloads look as if they come directly from the trusted website. As a result, end users may not be suspicious of pop-ups.

The next step in the process is to infect the system by using a downloader to run the malicious code on the endpoint, as getting the malware to the endpoint is crucial.

Cloud security vendor Zscaler recently identified a malvertising campaign using the Terror exploit kit.

Terror is a collection of scripts and malware that is posted on a compromised website. It can be found published on ad networks and is under active development to continue to evade detection and infect endpoints.

New obfuscation layers, exploits and malware payloads have been added to the Terror exploit kit as it uses multiple webpages with obfuscated JavaScript redirects that push a web browser to malicious Flash files to execute the malware on the endpoint.

The malicious ads use the Propeller Ads media network, which allows companies to include the ads on their own websites. The ads then push malicious JavaScript that redirects the web browser to Terror.

Ask the expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)

This was last published in May 2018

Dig Deeper on Threats and vulnerabilities

Enterprise Desktop
Cloud Computing