
RevenueHits "advertising network" distributes fake ransomware, takes control of browsers.

Publication: 
Editorial Staff
chiefofficersnet

Below is an example of the tactics used by RevenueHits, an Israeli company that sells itself as a high-profit platform to rival Google AdSense.

This advertisement takes control of the user's browser, produces a page that falsely claims to belong to Microsoft and then says that the computer is locked and asks for a user-name and password. The window cannot be closed by usual means. Amongst other things, it threatens the standard business model of millions of websites.

Website owners are not informed of this tactic when applying the RevenueHits code to their website. They are offered banners (just like Google AdSense) and pop-under and pop-over ads. Nor are they told that once a visitor clicks on a static teaser banner, code is installed into the browser that hijacks it.

The reputational cost to website owners of their site being used for the dissemination of this malware is inestimable. Worse, it entirely bypasses firewall, anti-virus and, even, browser security.

Once the browser has been hijacked, when it goes to a page that has the code embedded, it will open a new window with the control bar missing and close the original window. It will do this without the user clicking the ad.

Thanks to two pieces of software (one free, one trial version - which we have, with thanks, adopted as a full paid-for product) our own systems are now free of this malicious tool.

Use ADWCLEANER and MALWAREBYTES to eradicate and protect. Note, though, that if you happen to click on a teaser after running ADWCLEANER, it will re-install. MALWAREBYTES will prevent the window opening but the code will have re-established itself.

It took us several hours to eradicate all instances of this scourge from PleaseBeInformed.com and, so far as we are aware, it has been entirely removed. So far as we know, we were able to take the site off-line so quickly after adding RevenueHits that the pages where it appeared were not visited by our clients and customers.

For the avoidance of doubt, there are no problems with the PC except that the browser was hijacked.

The danger, of course, is that the company behind RevenueHits is sabotaging the simplest business model for websites: pay per click advertising. As this conduct spreads, it will result in people being less likely to click on adverts and therefore to support websites.
