Ransomware has been found in malicious adverts displayed by major news and high-traffic websites.
Visitors who used the sites over the weekend could have infected their computers with malware and ransomware.
PC Mag reports:
As first reported by Trustwave, and confirmed by several other security firms, these and other sites—including AOL, MSN, Answers.com, ZeroHedge.com, and Infolinks.com—were hit by malicious ads served up by once-legitimate networks that were taken over by scammers.
“It seems that an experienced actor has acquired an expired domain of a small but probably legitimate advertising company in order to utilize [it] for malicious purposes,” according to Trustwave, which said the Angler exploit kit is to blame.
“It’s important to note,” Trustwave said, “that while these popular sites are involved in the infection process,” they are still victims of malvertising. “The only ‘crime’ here is being popular and having high volumes of traffic going through their sites daily.”
This attack points to a larger trend in malvertising: the stalking of domains that are nearing their expiration date—in this case, those containing the word “media.” According to the BBC, the domain exploited in this case fell into the hackers’ hands in January.
“Users and organizations are advised to make sure that [they] keep their applications and systems up-to-date with the latest security patches; Angler Exploit Kit is known to exploit vulnerabilities in Adobe Flash and Microsoft Silverlight, among others,” Trend Micro said in a blog post.
Trend Micro “is already able to protect users against this threat,” while Malwarebytes said its “Anti-Exploit blocks the malvertising attack when it launches the exploit kit.”
This article originally appeared on PCMag.com.
Latest posts by Edmondo Burr (see all)
- Trump: FBI Unable to Stop National Security Leakers - February 24, 2017
- Bannon and Priebus United Against Enemy Media - February 24, 2017
- Mysterious Loud Booms Heard In New Orleans - February 24, 2017