A worldwide campaign to spread malware through ads on websites has been shut down, according to researchers.
The malvertising campaign, which operated in North America, EU, Asia-Pacific and the Middle East, was discovered by Cisco's Talos Security Intelligence and Research Group.
In most cases, criminals used the CrypMIC ransomware as this would not require any interaction from the user and would not draw attention to itself.
Many of the Shadowgate servers were hosted on servers and domains registered through GoDaddy. Talos worked alongside GoDaddy to shut down all the servers.
“GoDaddy quickly responded and was able to mitigate the threat successfully. As of the publishing of this blog the associated malvertising campaign appears to have been successfully shut down and the malicious activity thwarted. Unfortunately, as this is using domain shadowing it's likely the campaign will only remain dormant for a while, but until then users are protected from this specific threat,” said Cisco researcher Nick Biasini in a blog post.
Javvad Malik, security advocate at AlienVault, told SCMagazineUK.com that setting up a malvertising campaign is unfortunately easier than taking one down.
“Criminals will always follow the money and the easiest way to distribute their wares. Unless there is a fundamental change in the online advertising model, there doesn't seem to be any indication that criminals will slow down,” he said.
He added that shutting down malvertising, bots, or other malicious infrastructure has always been a tough problem because it requires a co-ordinated effort that needs a lot of stakeholders across a wide geographic region. “Domain registrars, website owners, ad networks, law enforcement, researchers, and others all need to come together to successfully disrupt and take down such campaigns.”