Ads poisoning – JS:Prontexi

The malware usually spreads through web infection placed on innocent, badly secured websites. The ad infiltration method is growing in popularity alongside with the website infections. Now we are facing probably the biggest ad poisoning ever made – all important ad services are affected. It means that users might get infected just by reading their favorite newspaper or by doing search on famous web indexers. User interaction is not needed in this attack – infection begins just after poisoned ad is loaded by the browser – it is not a type of social engineering. We named the source of this attack JS:Prontexi – JavaScript code which initiates infection on victims computer using various vulnerabilities including latest PDF exploits.

All avast! users with current virus databases are fully protected against this attack. We are blocking bad guys from accessing your computer. This allows us to count hits made on machines participating in “avast! community IQ”.  The following graph shows the number of incidents we have counted in the last 6 days in 4-hour windows  (The number of hits assigned to each service represent only the avast! users, absolute number of hits would be much greater in global scale).
JS:Prontexi distribution chart
Only 8 most infiltrated ad services/websites are shown using their own line. The most compromised (continue reading...)