'Kyle and Stan' Malvertising Hits Amazon, Yahoo, YouTube

Credit: Comedy Central/Parker-Stone Studios

Every tech-savvy person knows to avoid clicking on advertisements on sketchy websites, but you may be better off not clicking banner ads on reputable sites, either. Amazon, Yahoo, YouTube and 71 other Web domains have fallen victim to the Kyle and Stan malvertising network, which spreads adware and other potentially unwanted programs by preying on user trust of otherwise-honest sites.

Shaun Hurley, David McDaniel and Armin Pelkmann, three security researchers for Cisco, wrote up their findings about the malware in a Cisco company blog post. The Kyle and Stan malware (the names of two characters in the long-running Comedy Central show "South Park" show up in the domain names of more than 700 sites the network uses to serve ads) first determines whether you're on a Windows system or on a Mac, then silently redirects your browser to a site that serves up executable files for your operating system of choice.

The first bit of good news is that, aside from Amazon, Yahoo and YouTube, Kyle and Stan malvertising has not surfaced on too many top sites. Grooveshark and WinRAR users should keep an eye out, but otherwise, the malicious advertisements seem restricted to second-tier download sites.

More importantly, the malware that Kyle and Stan serves up isn't all that malicious as of yet, and user intervention can prevent its installation. The ads prompt users into downloading and installing free media players that are bundled with potentially unwanted programs such as the Conduit or Vsearch browser hijackers.

Such browser hijackers are annoying, but much less malign than real malware such as keyloggers or banking Trojans that are served up by browser exploit kits in drive-by downloads that users are powerless to stop. Nasty malware has indeed shown up in malicious ads, but not in this case ... yet.

Kyle and Stan has another trick up its sleeve, however. Each file it presents to each potential victim is slightly different from the rest, resulting in a unique numerical signature for each file and making it very difficult for signature-based antivirus software to detect.

In theory, major sites such as Amazon.com have checks and balances in place to prevent their ads from spreading malicious software. The Kyle and Stan network subverts this process by linking users to a safe site, then instantly redirecting them to one that contains the unwanted programs' installers.
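For defenders, the pattern described above (character names in the serving domains, a redirect that starts on a legitimate page, an installer for Windows or Mac at the end) can be hunted in web proxy logs. The following Python is an added example, not code from this article or from Cisco's write-up; the log format, the hostnames and the assumption that the name appears as a whole DNS label are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed proxy log lines: client, requested URL, referrer, content type.
# Hostnames are reserved .example names, not real indicators.
SAMPLE_LOG = """\
10.0.0.5 http://shop.example/deals - text/html
10.0.0.5 http://ads.adnet.example/click?id=7 http://shop.example/deals text/html
10.0.0.5 http://kyle.cdn-a.example/go http://ads.adnet.example/click?id=7 text/html
10.0.0.5 http://kyle.cdn-a.example/MediaPlayer.exe http://kyle.cdn-a.example/go application/octet-stream
10.0.0.9 http://stan.cdn-b.example/player.dmg http://stan.cdn-b.example/go application/x-apple-diskimage
10.0.0.7 http://vendor.example/setup.exe http://vendor.example/download application/octet-stream
10.0.0.8 http://kylestanley-blog.example/post - text/html
"""

# Assumption: the character name appears as a whole DNS label (e.g. "kyle.").
NAME_LABEL = re.compile(r"^(kyle|stan)$", re.IGNORECASE)
# Installer types for the two platforms the article names (Windows, Mac).
INSTALLER = re.compile(r"\.(exe|msi|dmg|pkg)$", re.IGNORECASE)

def has_name_label(url):
    host = urlsplit(url).hostname or ""
    return any(NAME_LABEL.match(label) for label in host.split("."))

def referrer_chain(client, url, referrers):
    """Walk referrers back toward the page where the click started."""
    chain = [url]
    while True:
        ref = referrers.get((client, chain[-1]), "-")
        if ref == "-" or ref in chain:   # end of chain, or a referrer loop
            return chain[::-1]
        chain.append(ref)

def find_installer_downloads(log_text):
    """Return (client, chain) for installers fetched from name-labelled hosts."""
    referrers, hits = {}, []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                      # skip malformed lines
        client, url, ref, _ctype = parts
        referrers[(client, url)] = ref
        if INSTALLER.search(urlsplit(url).path) and has_name_label(url):
            hits.append((client, referrer_chain(client, url, referrers)))
    return hits

if __name__ == "__main__":
    for client, chain in find_installer_downloads(SAMPLE_LOG):
        print(client, " -> ".join(chain))
```

The reconstructed chain shows which publisher page the click started on, which is the detail needed to report the ad to the site that carried it.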

Users have two opportunities to avoid contracting malware delivered by Kyle and Stan: Either don't click on advertisements, or don't install the downloaded programs. Even if you do get lured into installing junk on your computer, it's pretty much run-of-the-mill adware that can be easily removed from browsers such as Chrome, Firefox, Internet Explorer or Safari.

Since many sites rely on ad revenue to stay afloat, clicking on advertisement links is a way of funding content you love. Users will have to weigh for themselves whether the risk of security vulnerabilities is worth shopping online, or checking their email or watching cat videos.

Marshall Honorof is a Staff Writer for Tom's Guide. Contact him at mhonorof@tomsguide.com.
