March 16, 2016

Malvertising Campaign Affects MSN, NY Times Among Others

A large number of major news websites have seen their advertisements hijacked by a malicious Angler campaign that installs ransomware on users’ computers, security researchers revealed.

Security researchers from security software and services firm Malwarebytes have revealed that a ransomware campaign has targeted a number of US users in recent times through major websites. The affected sites include the likes of the New York Times, AOL, NFL, MSN, Realtor, Newsweek, the Hill and Xfinity, among others.

The malware payload is delivered through multiple ad networks. The campaign used a number of different vulnerabilities, including a recently patched flaw discovered in Microsoft’s Flash competitor, Silverlight. Silverlight was notably discontinued in 2013. That hasn’t stopped ransomware authors from taking advantage of its vulnerabilities to this day.

When an infected advert reaches a user, the user is redirected to a page on servers hosting the malware. This redirect exposes the victim to the infamous Angler exploit kit, malware commonly used among cybercriminals.

The Angler kit attempts to find any available backdoor on the targeted machine in order to install the cryptographically coded ransomware which then encrypts important media and files on the victim’s hard drive. The victim is powerless to regain access to the files until a ransom is paid, in bitcoin, for the decryption keys to unlock the encrypted files.

A blog post by Malwarebytes actually begins by stating that malvertising activity was on the decline over the past few weeks, according to the firm’s telemetry.

It added:

However, out of the blue on the weekend we witnessed a huge spike in malicious activity emanating out of two suspicious domains. Not only were there a lot of events, but they also included some very high profile publishers, which is something we haven’t seen in a while:

Publisher Traffic (monthly)*
msn.com 1.3B
nytimes.com 313.1M
bbc.com 290.6M
aol.com 218.6M
my.xfinity.com 102.8M
nfl.com 60.7M
realtor.com 51.1M
theweathernetwork.com 43M
thehill.com 31.4M
newsweek.com 9.9M

Ransomware is among the most destructive and potent forms of malware, especially in recent times. When malware authors begin targeting popular domains which see billions of visitors as their platform for dispersing ransomware, it adds to the bleak outlook. Malwarebytes has notified several ad networks about the intrusion and one hopes that the malicious ads are quickly purged upon discovery.


About the author

LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.
