Real news from the privacy world

Over Three Million Users May Have Been Exposed By Malvertising Campaign Per Day

Concept of hacker at work with laptop

A major malvertising campaign appearing on websites even including on AOL and Yahoo designed to infect user machine with a ransomware has been uncovered by security researchers. This malvertising campaign was speculated to potentially earn attackers $25,000 and more per day.

According to the email security firm Proofpoint, considering how popular most of the targeted sites were, this campaign may have affected and victimized close to three million people if not more per day. As the vendor was explaining in a blog post, visitors to the infected websites were getting infected with CryptoWall 2.0 ransomware through a drive-by-download.

The post continued – “using Adobe Flash, the malvertisements silently ‘pull in’ malicious exploits from the FlashPack Exploit Kit. The exploits attack a vulnerability in the end-users’ browser and install CryptoWall 2.0 on end-users’ computers. Similar to the behavior of other ransomware, CryptoWall then encrypts the end-users’ hard drive and will not allow access until the victim pays a fee over the internet for the decryption key. Typically, the end-users face an escalating time deadline; failure to pay by the deadline results in their hard drives being permanently encrypted, thus rendered effectively useless, with all information inaccessible.”

Widely known and used websites that were affected included AOL; Yahoo Finance; Time Out US; The Atlantic; Sydney Morning herald; and Fantasy and Sports. Minimum of three well known and major ad networks has been compromised: Right Media/Yahoo Advertising, OpenX and Rubicon Project.

Affected networks were informed by Proofpoint and it is sure that since last weekend these networks have taken action. Proofpoint added – “these ads passed through multiple parties including exchanges, optimizers, ad networks and web sites, all without detection at any step. It is clear that site owners and ad distributors need to invest in more advanced tools to detect malicious advertisements that are embedded in the ad stream.”

“In particular, site owners cannot and should not assume that the ad networks are taking care of this for them, and should proactively seek tools for online brand protection.” Enterprises and end users should have ensured that their anti-malware software is updated and able to spot these threats as well as that any flaws in pivotal software are eliminated and patched. This year malvertising is one if not the fastest growing threats for a reason. Blue coat just back in March said that malvertising is responsible for 20% of all malware that is found on mobile devices and named it top mobile threat.

Kyle and Stan” – a massive malvertising network was uncovered by researchers in the September. It is believed to have compromised close to 6,500 malicious domains.

ESET’s security specialist Mark James recommended users to keep all of their software, especially web browsers and key software such as Flash and Adobe Acrobat as well as most importantly their operating systems up to date. He noted that “blocking pop ups and installing web filters can also stop the malicious software from being run in the first place and always make sure your running a reputable updated antivirus or internet security product.”

“As for website owners, using trustworthy and established suppliers will help but often the advertising space is rented repeatedly and you may not be in direct contact with the actual advertiser.”

Encrypting all the data until it reaches its destination is also just as wise and it’s probably cheapest first step solution. It can be done by using services such as VPN, and NordVPN is one of the most reputable and most feature rich VPN provider out there that you can find.

Try NordVPN for Free!

3 days of full security and privacy, with no strings attached


Your email address will not be published. Required fields are marked *

Leave a Comment

Your email address will not be published. Required fields are marked *