Malicious Advertisers Employ Authentic Ad-Networks

AdXpansion is an advertising network mainly targeted at the adult market. The ads presented via this network are usually displayed on porn sites, or they are employed to promote sites of this kind via other websites. Unfortunately, the ad network has been exploited by cybercriminals who may use malicious advertising (or malvertising) to open up security backdoors and infiltrate dangerous computer infections. This is not a new approach, and cyber criminals have already employed Google’s DoubleClick and Zedo ad networks to create attacks via examiner.com, last.fm, and other reputable sites. Unfortunately, the outcome of the malicious advertising attacks is quite ugly.

It is questionable whether the creators of AdXpansion are responsible for creating different security backdoors. Overall, the network supports third-party advertisers, and, unfortunately, an unreliable advertiser has been trusted to deliver users supposedly useful, harmless ads. Promo.tiny-toyz.com is the advertiser which is responsible for the creation of a malicious ad. Once this malicious ad is clicked, a user is redirected to an exploit kit landing page. The page is set up to automatically load files, and in the case of AdXpansion malvertising, SWF (Shockwave Flash) files may be executed to exploit an outdated Flash plugin. The automatic file loading would not be possible without the existence of malignant cookies.

HTTP cookies are essential for the attack carried by malicious advertisers. Even if a security system is set up to block malicious sites and stop any unauthorized activity, hackers have found a way to initiate silent web-page redirecting. It has been discovered that URLs of malicious pages are built using the information stored in the installed web cookies. This is why AdXpansion-related malvertising is unpredictable and why blacklisting malicious URLs, in this case, is useless. All of this contributes to silent attacks which often do not require any interaction from the targeted system’s users. For example, you may visit a site displaying a malicious ad which will automatically redirect you to malicious sites or execute malware. Drive-by download scams are used to distribute fake malware removers, malicious tracking cookies, adware, and other intrusive software created by mischievous cyber crooks.

There is no one-step solution to the problems that malicious advertising can cause. It also takes time and effort to ensure that malicious advertising is not an issue you have to deal with. Our first advice for you is to be careful about the sites you visit. If you constantly visit porn sites and unreliable file-sharing sites, it is more likely that you will face unreliable ads which may be the starting point of any kind of virtual attack. Secondly, you should always screen the cookies installed onto the browsers. If you do not visit malicious sites, unreliable, intrusive cookies will not be installed. However, even legitimate sites can be corrupted and legitimate ad networks, like AdXpansion, can be employed to carry out cyber attacks.

It is by far most important to install authentic security tools that will block access to malicious sites, warn you about threats, delete unreliable web cookies, and will keep you safe. Keep the installed software and the operating system updated, because updates are meant to patch security vulnerabilities that could be used to execute schemers’ attacks.