EyeWonder Malware Incident prevents computer users from visiting popular high-traffic web sites.
Several computer users have reported that they were unable to visit popular websites such as CNN, Engadget, Washington Post, Mashable, GameSpot and others because of malware warnings appearing via the digital advertising provider EyeWonder. The incident was reported on July 3rd with a message that resembles the image below.
EyeWonder Malware Ad Example Image
Malware advertising campaigns have been around for a long time and have proven to be a somewhat effective method of attack. The question that has to be answered is: how does this happen to so many high-traffic websites at once? The exploit in this recent attack appeared to be reproduced through the third-party content/ad serving vendor EyeWonder.
Basically, a single exploitation of the EyeWonder ad vendor was served through several networks. Security experts are currently not sure whether it was a compromised partner of the network or EyeWonder itself that delivered the malicious content in this incident.
Was this attack representative of a normal malvertising campaign, where malicious content is passed through a legitimate web site via an ad network, or were the big network sites actually compromised? Recently there was an ongoing attack in which ColdFusion sites were compromised through uploads of ASP or ColdFusion shells, allowing an attacker to take control of the site. This scenario is unlikely in the case of web sites as big as CNN or the Washington Post. If the sites themselves had been compromised, the attackers may have done more damage than they did by using an ad network to spread malware.
Since this incident, EyeWonder has been shut down for maintenance. The situation will be carefully monitored, and computer users should be aware that this type of campaign could potentially cause their systems to become infected with malware.
Have you seen an alert similar to the image above?