Manage Learn to apply best practices and optimize your operations.

How does the Terror exploit kit spread through malicious ads

Zscaler recently discovered a malvertising campaign that spreads the Terror exploit kit through malicious ads. Discover more about the threat with expert Nick Lewis.

Cloud security vendor Zscaler Inc. found that a malvertising campaign has been spreading the Terror exploit kit....

What is Terror, and how do malicious ads spread it?

Malvertising campaigns continue to be effective as they enable an attacker to use a legitimate website to deliver malware to users. Malvertising campaigns can be particularly dangerous because the ads and potential malware downloads look as if they come directly from the trusted website. As a result, end users may not be suspicious of pop-ups.

The next step in the process is to infect the system by using a downloader to run the malicious code on the endpoint, as getting the malware to the endpoint is crucial.

Cloud security vendor Zscaler recently identified a malvertising campaign using the Terror exploit kit.

Terror is a collection of scripts and malware that is posted on a compromised website. It can be found published on ad networks and is under active development to continue to evade detection and infect endpoints.

New obfuscation layers, exploits and malware payloads have been added to the Terror exploit kit as it uses multiple webpages with obfuscated JavaScript redirects that push a web browser to malicious Flash files to execute the malware on the endpoint.

The malicious ads use the Propeller Ads media network, which allows companies to include the ads on their own websites. The ads then push malicious JavaScript that redirects the web browser to Terror.

Ask the expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)

This was last published in May 2018

Dig Deeper on Emerging cyberattacks and threats

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Has your organization been impacted by a malvertising campaign?
If the user is not logged on with admin level credentials then does the malware still install itself?

And why isn't malvertising totally illegal? Why aren't the people at the Propeller Ads media network in jail?
The Terror Exploit kit doesn't necessarily need admin since it's attacking Flash/browser/etc, but the specific malicious code/executable run by the exploit might.