Telstra infected with 'Malvertising'

Home page of Australia's largest telecommunications company Telstra has been infected with 'malvertising' which links a malicious exploit kit.
Malvertising (a portmanteau of malicious and advertising) is a form of distributing  ‘injected' malware into legitimate online advertising.

A malvertisement appearing to show a Lamborghini Gallardo for sale, actually contained a link to redirect users (via Google's own URL shortener) to a separate website where a Nuclear exploit kit payload was lying in wait - the payload in this case was a banking Trojan.

The hack itself was reported by Malwarebytes researcher Jerome Segura.  He reports that this malvertising is similar to an attack on the PlentyOfFish* dating website.

Cases of malvertising typically see whole web advertising chains/networks being infected. The attack here therefore was not on Telstra as such, but on the network serving the advertisements it was displaying.

The Nuclear exploit kit which this hack pointed to is an off-the-shelf piece of hacking software with tools to exploit vulnerabilities in the runtime environments of browsers and the core backbone software that runs on the web.

While culpability is not directly pointed at Telstra for this attack, users clearly establish a certain level of trust with media providers who operate at a national and/or international level of this type.

With incidents like this becoming more prevalent, the question of host site liability for dynamic content presented in advertisements does come into question.

Senior malware analyst at Avast Jaromir Horejsi spoke to us to clarify just where users stand in relation to the secure web today.

“HTTPS cannot help avoid malvertising, in fact malvertising can be (and sometimes is) spread by infected online advertising services over HTTPS. To protect themselves from malvertising, people should keep their software, such as browsers and plugins up-to-date, adjust browser settings to detect and flag malvertising. They should also have antivirus software installed to detect and block malicious payloads that can be spread by malvertising.”

Telstra's ‘media content' home page has now disabled the link to the malvertising attack.

This article originally appeared at

Read more:

Share on Google Plus