Major websites compromised by malvertising

Major websites including MSN, the BBC and The New York Times have had their web ads compromised by malware that attempts to install ransomware on victims’ PCs.

Malwarebytes warned it has seen a huge spike in malvertising activity in recent days, with numerous events that included some high-profile publishers.

Other high-profile publishers compromised in the campaign included AOL, Newsweek, the Weather Network and The Hill. Combined, the targeted websites receive traffic in the billions of visitors.

The malware exploited a number of vulnerabilities including a recently patched flaw in the now-discontinued Microsoft Silverlight.

The malware campaign has made use of multiple exploit kits, including Angler, which according to research was the most dominant exploit kit used in 2015. These kits were used to search for backdoors into a target’s computer that can be used to install ransomware.

In a blog post, Trend Micro fraud researcher Joseph C Chen noted that the campaign is targeting users in the US, and may have affected tens of thousands of users during a 24-hour period alone.

“Based on our monitoring, the malicious ads were delivered by a compromised ad network in these highly visited mainstream websites. As of this writing, while the more popular portals appear to be no longer carrying the bad ad, the malvertising campaign is still ongoing and thus continues to put users at risk of downloading malware into their systems,” he said.

“Users and organisations are advised to make sure that they keep their applications and systems up to date with the latest security patches; Angler Exploit Kit is known to exploit vulnerabilities in Adobe Flash and Microsoft Silverlight, among others.”

Image courtesy of Lee Davy under CC