Security researchers at Malwarebytes have revealed that a number of major news websites have been hit by a cryptolocker malvertising campaign, which saw adverts hijacked and ransomware being installed on users’ computers. US users of New York Times, BBC, NFL and AOL websites targeted
Malwarebytes claims that the attack hit some of the biggest publishers in the business, including msn.com, nytimes.com, bbc.com, aol.com, my.xfinity.com, nfl.com, realtor.com, theweathernetwork.com, thehill.com, and newsweek.com, and aimed to target US users, over the weekend that began 19th March. Affected networks included those owned by Google , AppNexis, AOL, and Rubicon. Together, the sites have traffic in excess of billions of visitors.
The malware gained access to the advertisements via multiple vulnerabilities, namely a recently-patched flaw in Microsoft’s discontinued, as of 2013, video playing software , Silverlight. It also hit multiple ad networks for maximum coverage. 1-2 BTC demanded in exchange for the decryption keys
When users were confronted with the infected adverts, they were redirected to servers hosting the hugely popular ‘Angler exploit kit’, which tries to discover any means by which it could infect the user’s computer. If a backdoor is found, a cryptolocker-style software would be installed, encrypting the user’s data and demanding a Bitcoin payment of usually 1-2 BTC in exchange for the decryption keys.
Daniel Chechik, Simon Kenin, and Rami Kogan, SpiderLabs researchers, write: "If the code doesn’t find any of these programs, it continues with the flow and appends an iframe to the body of the html that leads to Angler EK [exploit kit] landing page. Upon successful exploitation, Angler infects the poor victim with both the Bedep trojan and the TeslaCrypt ransomware–double the trouble." Adblockers
Due to the nature of the attack, the debate surrounding adblockers is sure to be revitalised. Many will argue that the hugely damaging effects that […]
