Compromised banner on Nico Nico Spreading Fake Flash Player

Popup and advertising banner is one of the way that cyber criminals use to promote their malwares. some of the similar incident were found in the past include popular website such as yahoo, New york Time where attacker managed to compromise an advertising banner and post a link lead to their malware.

Symantec security researchers posted their finding about a malicious banner displayed on Nico Nico one of the largest video sharing resource in Japan.  the attack affected several million of users as if one open the video he will find a new pop-up notify them to update their Adobe flash player. The URL is registered on the .biz domain and not belonging to Adobe or Nico Nico while it is looking very close to Adobe page to trick users.

niconico_Fakeflash_LOBFake Flash Player Page sourced Symantec

The claimed update will start to verify victims information such as browser version, HD serial number, MAC address to send them over to remote system controlled by attackers. the Nico Nico confirmed the malicious banner and stated that the source is a third party advertising firm MicroAd. if the victim will allow the update on his browser he will notice fake programs to be installed (FLV Player, System Speedup ,Search Protect ,VuuPC etc) without really updating any flash player.

To protect your self against such attack make sure that your security software is updated and it is integrated with your web browser. normally if you have this enabled you will not have the banner or popup alert as the antivirus will block untrusted sources. It is also important to keep your browser updated to eliminate vulnerabilities.

Share