The advertisement in this case included the Angler exploit kit. Upon landing on this exploit kit a few checks were done to confirm whether the user is running a vulnerable version of either Java, Flash or Silverlight. If the user was deemed vulnerable the exploit kit would embed an exploit initiating a download of a malicious payload, in this campaign it was the Asprox malware. This whole process of malvertising towards an exploit kit is also visualized in the image at the top of this post. Please note, a visitor does not need to click on the malicious advertisements in order to get infected. This all happens silently in the background as the ad is loaded by the user's browser... http://blog.fox-it.com/2014/08/27/malvertising-not-all-java-from-java-com-is-legitimate/
In their paper, Vadim and Rahul look at a case study of malicious ads served by YouTube (demonstrating that even top brands are battling against this threat), and also study the more general case of malicious Flash banners and how they are obfuscated from researchers, while still delivering malware. We learned last month that this is a serious problem - when researchers found that cybercriminals had purchased advertising space on Yahoo in order to serve the 'Cryptowall' ransomware... https://www.virusbtn.com/blog/2014/08_15.xml
Does it use dll injection or any other method? If dll injection is used, would SRP with dll monitoring turned on prevent it or not?
It seems the exploit uses port 37702, so if I block this port in a firewall I will still be infected but no further malware will be downloaded?