Crypto ransomware hits major websites through banner ads in past 24 hours
http://www.neowin.net/news/crypto-ransomware-hits-major-websites-through-banner-ads-in-past-24-hours
We already know that ransomware has become a growing threat to users around the world. Just last week, Mac users saw their first such attack on Apple's operating system. The perpetrators encrypt a user’s local files and hold them for ransom, demanding payment in the hundreds of dollars, and they have become increasingly sophisticated in their methods of extracting money. The software is so difficult to deal with that the FBI advises people and businesses to just pay up to unlock their files.
Now, according to Trend Micro, the past 24 hours have seen a rash of new crypto-ransomware spreading through popular websites. The attack, dubbed Angler Exploit Kit, is taking advantage of vulnerabilities in Adobe Flash and Microsoft Silverlight, among others, to feed the malware through compromised ad networks.
Malwarebytes is reporting that the “malvertising” is hitting the BBC, MSN, nfl.com, The New York Times, my.xfinity.com and many others in the form of clickable banners. The anti-malware company provided lots of detail around the exploit, reporting a number of suspicious domains through which the ads are apparently served. Google’s ad network carried trackmytraffic[.]biz, while the AOL, Rubicon and AppNexus ad networks carried talk915[.]pw as well. Other suspicious domains include brentsmedia[.]com, evangmedia[.]com and shangjiamedia[.]com.
Google’s ad network was compromised in this attack, according to Malwarebytes. Last year, Google reported that it had made progress in filtering ad injectors and malicious sources across the ad networks it manages. However, it would appear that the ad network still has work to do.
Source: Trend Micro and Malwarebytes via Ars Technica | Images via Trend Micro