Malvertising Campaign Affects MSN, NY Times Among Others

A large number of major news websites have seen their advertisements hijacked by a malicious Angler campaign that installs malware ransomware on users’ computers, security researchers revealed.

Security researchers from security software and services firm Malwarebytes have revealed that a ransomware campaign has targeted a number of US users in recent times through major websites. They include the likes of the New York Times, AOL, NFL, MSN, Realtor, Newsweek, the Hill and Xfinity, among others.

The payload of the malware is delivered through multiple ad networks. The campaign used a number of varying vulnerabilities such as a recently-patched flaw discovered in Microsoft’s Flash competitor, Silverlight. The former Flash competitor has notably been discontinued in 2013. That hasn’t stopped ransomware authors from taking advantage of its vulnerabilities to use it to craft malware to this day.

Users are redirected to a page on servers hosting the malware when the infected adverts hits users. This redirect results in a victim’s exposure to the infamous Angler exploit kit, a malware used commonly among cybercriminals.

The Angler kit attempts to find any available backdoor on the targeted machine in order to install the cryptographically coded ransomware which then encrypts important media and files on the victim’s hard drive. The victim is powerless to regain access to the files until a ransom is paid, in bitcoin, for the decryption keys to unlock the encrypted files.

A blog post by Malwarebytes actually begins by stating that malvertising activity was on the decline over the past few weeks, according to the firm’s telemetry.

It added:

However, out of the blue on the weekend we witnessed a huge spike in malicious activity emanating out of two suspicious domains. Not only were there a lot of events, but they also included some very high profile publishers, which is something we haven’t seen in a while:

PublisherTraffic (monthly)*
msn.com1.3B
nytimes.com313.1M
bbc.com290.6M
aol.com218.6M
my.xfinity.com102.8M
nfl.com60.7M
realtor.com51.1M
theweathernetwork.com43M
thehill.com31.4M
newsweek.com9.9M
  
 

 

Ransomware is among the most destructive and potent forms of malware, especially in recent times. When malware authors begin targeting popular domains which see billions of visitors as their platform for dispersing ransomware, it adds to the bleak outlook. Malwarebytes has notified several ad networks about the intrusion and one hopes that the malicious ads are quickly purged upon discovery.

 Image credit: Wikimedia.