Malicious ads on email service lead to malware

If you haven’t yet disabled JavaScript on your browsers, it’s high time to do it.

TrendLabs warns about malicious advertisements popping up for users visiting a popular Web-based email service, which lead to URLs containing exploits that are able to download and execute different malicious files without any interaction on the users’ part.

Among the downloaded files there are malicious Java and .PDF files that enable further download of malicious files on machines that still have unpatched Adobe Reader, the use of some Adobe JavaScript APIs, and the embedding of the encoded payload URL into the “Author” field contained in the document properties – making automated PDF and JavaScript analysis tools fail to detect malicious scripts inside the .PDF file because they are encrypted/obfuscated.

As mentioned at the beginning, users are advised to disable JavaScript on their Web browsers, keep the browsers updated, and be careful when following links.