PageFair customers tricked on Halloween!

Hey guys,

PageFair got hit by a Trojan masquerading as an Adobe Flash update on Halloween night, and the company issued an apology. PageFair CEO Sean Blanchfield published a series of posts after the company discovered the attack. He said that the 83-minute attack affected 501 publishers using the company’s free analytics service.

PageFair lets online publishers see how many of their visitors are blocking ads, and it runs an advertising system that displays “adblock-friendly” ads to adblock users.

The attack distributed a Trojan named adobe_flashplayer_7.exe (detected by Sophos as Mal/MSIL-PL). It started with the attackers gaining access to a key PageFair email account through a spearphishing attack. The email account was then used to reset the password on PageFair’s CDN (Content Delivery Network), and the attackers replaced the PageFair analytics code with their own JavaScript.

PageFair customers embed code hosted on the CDN in their web pages, so when the attackers changed the code on the CDN, the code running on customers’ websites changed with it, turning those sites from advertising channels into malware distribution channels.

Users who weren’t protected by up-to-date antivirus software were most at risk when PageFair’s compromised analytics code prompted them to install a fake Adobe Flash update.

PageFair believes that about 2.3% of visitors to the 501 affected publishers would have been at risk of infection during the 83 minutes of the attack.

PageFair directly notified affected publishers and had completely resolved the breach by the following Monday. The company said that no servers or databases were compromised and no publisher account information was leaked.

Using JavaScript code from third parties on an organisation’s website is quite common and is a way to access services, but it’s also risky. Your site is only as secure as the third-party organisation’s code.

In this instance, that sharing of code allowed a phishing attack against a single vendor to compromise 501 different websites with tens of millions of monthly visitors.
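One check a publisher can run against this risk, as an added example that is not from PageFair or the original post: it lists the third-party scripts on a page, flags those without a Subresource Integrity (SRI) pin, and tests whether the bytes the CDN serves still match the pin. The hosts, script bodies and function names are constructed for illustration, and pinning only suits vendor scripts whose content is fixed per URL.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


def sri_digest(body: bytes, alg: str = "sha384") -> str:
    """SRI value ('sha384-<base64>') that a browser computes for a script body."""
    return f"{alg}-{base64.b64encode(hashlib.new(alg, body).digest()).decode()}"


class ScriptCollector(HTMLParser):
    """Collect (src, integrity) for every <script src=...> tag."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.scripts.append((a["src"], a.get("integrity")))


def audit(html: str, site_host: str, served: dict) -> dict:
    """Label each third-party script 'unpinned', 'ok' or 'mismatch'.
    served maps script URL -> bytes the CDN returns now (passed in, so no network)."""
    collector = ScriptCollector()
    collector.feed(html)
    report = {}
    for src, integrity in collector.scripts:
        host = urlparse(src).netloc
        if not host or host == site_host:
            continue  # first-party script, not covered by this check
        if not integrity:
            report[src] = "unpinned"  # browser runs whatever the CDN serves
            continue
        # Simplification: accept a match on any listed sha256/384/512 hash.
        match = any(sri_digest(served[src], tok[:6]) == tok for tok in integrity.split()
                    if tok.startswith(("sha256-", "sha384-", "sha512-")))
        report[src] = "ok" if match else "mismatch"  # mismatch: browser blocks it
    return report


# Constructed sample: hypothetical hosts and script bodies.
ORIGINAL = b"/* vendor analytics v1 */"
PAGE = (f'<script src="https://cdn.vendor.example/a.js" integrity="{sri_digest(ORIGINAL)}"'
        ' crossorigin="anonymous"></script><script src="//cdn.vendor.example/b.js"></script>')
if __name__ == "__main__":
    print(audit(PAGE, "publisher.example", {"https://cdn.vendor.example/a.js": b"/* swapped */"}))
```

An "unpinned" result is the situation described above: the browser executes whatever the vendor's CDN returns, with no check on the publisher's side.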

PageFair’s mea culpa as of 21:30 GMT Sunday:

If you are a publisher using our free analytics service, you have good reason to be very angry and disappointed with us right now.

For 83 minutes last night, the PageFair analytics service was compromised by hackers, who succeeded in getting malicious javascript to execute on websites via our service, which prompted some visitors to these websites to download an executable file.

I am very sorry that this occurred and would like to assure you that it is no longer happening.


Source: Akati
