Get a free application, infrastructure and malware scan report - Scan Your Website Now

Subscribe to our Newsletter
Try AppTrana WAAP (WAF)
Managed WAF Start at $99

Cybercriminals Piggybacking on Google’s DoubleClick for Rapid Distribution

Posted DateSeptember 23, 2014
Posted Time 3   min Read

Online banner advertising began in the early 1990s as page owners sought additional revenue streams to support their content. Every popular website tries to generate revenue by setting aside a particular space on its web pages and rent it to Network Marketers. Google Display Network is one such strong group of more than a million websites, videos, and apps, through which Google displays 3rd party ads. Unfortunately, the website owner has limited control over the ads running on their shared space.

Google’s DoubleClick: A lucrative ‘carrier’ for Cybercriminals!

DoubleClick is the ad technology foundation of Google which aims to create, transact, and manage digital advertising for the world’s buyers, creators, and sellers. Advertisers and agencies strengthen and simplify complex online campaigns, using DoubleClick’s digital ad management platform. Apart from delivery, DoubleClick also provides great analytical features through multiple enhancements or plug-ins to help marketers in formulating and evaluating targeting techniques. These data-driven insights and features have provided Google’s DoubleClick an edge over its competitors and have become hugely popular among marketers and agencies.

But as it’s said ‘you need to pay a price for popularity and successes’; the Cybercriminals have begun to piggyback Google DoubleClick’s ‘reach’ to meet their target too!

Zemot Malware – The Malware spread by DoubleClick ad servers

As per the latest report, Cybercriminals have exploited the power of two online advertising networks, Google’s DoubleClick and popular Zedo advertising agency, to deliver malicious advertisements to millions of internet users that could install malware on a user’s computer. A number of websites, including The Times of Israel, The Jerusalem Post and the music streaming website, have become victims and serving malicious advertisements designed to spread the recently identified Zemot malware.

The first impressions came in late August, and by now millions of computers have likely been exposed to Zemot, although only those with outdated antivirus protection were actually infected. According to the report, the malicious advertisements lead users to websites containing Nuclear exploit kit, which looks for an unpatched version of Adobe Flash Player or Internet Explorer running on victim’s system. I found one, it downloads the Zemot malware, which then communicates it to a remote server and downloads a wave of other malicious applications.

The Zemot malware focuses on computers running on Windows XP, although it can also infect more modern operating systems running on x86 and 64-bit machines. The malware can easily bypass the security software installed in the system before infecting computers with additional malware, therefore it is difficult to identify.

‘Malvertising’- Whom to blame?

Malware served through ad units (or “malvertising”) is nothing new, but this incident is notable because of the unusually broad reach of the attack. This has become possible due to the sharp increase of online display advertising fuelled by Google DoubleClick’s reach. Google has confirmed the breach and has shut down all the affected servers which were redirecting malicious code and disabled the ads that delivered malware to user’s computers.

We highly think it’s a wake-up call to all stakeholders of online advertising. Publishers need to be more aware of the ads they are displaying on their website, network marketer needs to go for malware scanning of the landing web-pages before displaying them on their network sites and the end-users need to use the latest and updated software/ plugins.

web application security banner

Spread the love

Join 47000+ Security Leaders

Get weekly tips on blocking ransomware, DDoS and bot attacks and Zero-day threats.

We're committed to your privacy. indusface uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.

Related Posts

Startup Security
Everything Startups Need to Know About CyberSecurity

Keeping your startup safe from hackers, data loss and breaches takes more than just a firewall and antivirus software. Here is everything you need to about it.

Spread the love

Read More
Malware Infected Advertisements
Cybercriminals earning 25k$ a day through Malware infected Advertisements

Cybercriminals were recently caught making approximate $25,000 a day, through malware infected ads.

Spread the love

Read More


Fully Managed SaaS-Based Web Application Security Solution

Get free access to Integrated Application Scanner, Web Application Firewall, DDoS & Bot Mitigation, and CDN for 14 days

Know More Take Free Trial


Indusface is the only cloud WAAP (WAF) vendor with 100% Customer Recommendation for 3 consecutive years.

A Customers’ Choice for 2022 and 2023 - Gartner® Peer Insights™

The reviews and ratings are in!