Major websites including the BBC, Newsweek, The New York Times, and MSN ran malicious online advertisements on Sunday that attacked users’ computers, a campaign that one expert said was the largest seen in two years.
The websites weren’t at fault. Instead, they are unwitting victims of malvertising, a scheme where cyber attackers upload harmful ads to online advertising companies, which are then distributed to top-tier publishers. [ Roger Grimes’ free and almost foolproof way to check for malware . | Discover how to secure your systems with InfoWorld’s Security newsletter . ] Tens of thousands of computers could have been exposed to the harmful advertisements on Sunday, which means some running vulnerable software may have been infected with malware or file-encrypting ransomware.
Some bad ads were still appearing on some websites including the BBC on Monday, said Jerome Segura, a senior security researcher with Malwarebytes, in a phone interview Tuesday.
The advertisements connected with servers hosting the Angler exploit kit. The kit tries to find software vulnerabilities on a computer in order to deliver malware.
A successful exploit could deliver ransomware, a type of malware that encrypts a computer’s files. Victims are asked to pay a ransom, usually in bitcoin, in order to get the decryption key and restore their systems.
Trend Micro wrote about the same attack on Monday. Segura said he delayed publishing a blog post while he contacted major advertising networks, including Google’s DoubleClick, Rubicon, AOL and AppNexus, to get the malicious advertisements removed. He published a post on Tuesday.
Some of the offending ads have been removed, but not all. He decided to go public despite not getting acknowledgment from some online advertisers.
Josh Zeitz, vice president of communications for AppNexus, said via email on Tuesday that the advertiser that placed the bad ad had been "deactivated" soon after the company was […]
