Friday, March 18, 2016

Ransomware Ads in Popular Sites

Ransomware in NYT
There are several high-profile and very high-traffic websites such as The New York Times (NYT), BBC, AOL, MSN, the NFL and more who have been serving up malicious adverts to unsuspecting users that ultimately results in files being held to ransom by the malware, according to Malwarebytes.

Malicious ads making their way onto websites via ad networks used to be a far more common happening but most ad networks from company’s like Google have gotten far better at rooting out the bad from the good.

"Out of the blue, we witnessed a huge spike in malicious activity emanating out of two suspicious domains. Not only were there a lot of events, but they also included some very high profile publishers, which is something we haven’t seen in a while," the company said.

It looks like the ads weren't restricted to coming via Google's ad network either – AOL, AppNexus and Rubicon's networks were also named in the report.

Once a user has been infected, they're then redirected to a page hosting the malware exploit kits, which ultimately lead to their files being held ransom in exchange for a payment – often requested via bitcoin due to its relative anonymity. In this attack, Malwarebytes says that the Angler exploit kit is used in many instances.

The news won't help publishers win any favors in the adblocking debate, however. Not only are ads considered to be essentially spam by many people, they're also now (once again) compromising the security of users.

No comments:

Post a Comment