Η Cisco announced that malicious advertisements have been posted on websites such as YouTube, Amazon and Yahoo, part of a sophisticated campaign to spread malware.
According to security researcher Armin Pelkmann, when a user clicks on malicious ads, they are redirected to a different website, which triggers a download based on whether the computer is running Windows ή OS X of Apple Lossless Audio CODEC (ALAC),.
Το δίκτυο έχει το παρατσούκλι “Kyle and Stan” λόγω των ονομάτων που εμφανίζονται σε subdomains σε πάνω από 700 ιστοσελίδες που έχουν δημιουργήσει οι για τη διανομή του κακόβουλου software. Pelkmann wrote. "The large number of domains allows attackers to use a specific one domain for a very short time, burn it and move on using another for future attacks. This helps to avoid security solutions reputation and procase blacklisted."