Stoner Magazine Harshing Buzzes by Serving Malware

I use the Invincea Research Edition in my day-to-day job investigating malware. I found this humorous exploit uploaded on the site today. ThreatGlass posted that the pot-enthusiast site 420magazine.com was serving malware, so a researcher went to the site to test it and sure enough, the site tried to infect them with a Flash Exploit.

Here is the event tree from the Research Interface. You can see the exploits dropped, see that batch files were set to run at startup and that command and control notifications were sent to Bulgaria and the Ukraine.

The exploits were actually delivered via malware embedded in the site’s advertising, but those very advertisers choose which sites to use to deliver their malicious payloads. Not sure what malware miscreants want from a botnet made from Stoner’s computers? Maybe they just figure they won’t bother to put down the bong long enough to get their computers fixed.

I tweeted 420 Magazine about this but have not received a response as yet.

@420Magazine Duuude! Why are you Harshing Buzzes by serving Malvertising from your website? https://t.co/3qRKn1Xehk

— Honey Badger Clicker (@BelchSpeak) July 28, 2014