Dive Brief:
- A new wave of malware-infected banner ads has hit major websites including The New York Times, the BBC, MSN, and AOL, according to a report by Ars Technica.
- The ads can install crypto ransomware and other malware, which can, in some instances, lock users out of their systems until they pay.
- Ars Technica explained that the ads began appearing after a toolkit called Angler, which sells exploits for Adobe Flash, Microsoft Silverlight and other website software, began uploading infected ads through a compromised ad network.
Dive Insight:
Malware, particularly ransomware, is becoming a lucrative business for cybercriminals as hackers work together to deploy more advanced virus technology. A recent malware attack used the cryptolocker virus to lock a Los Angeles hospital out of its systems until it paid a $17,000 ransom for the decryption key.
But the infected ads are aimed more at individual users than at businesses.
The infected ads hit ad networks from Google, AppNexus, AOL, and Rubicon, and seemed to come from two domains. The infected ads redirect to two malvertising servers, with the final stop delivering the Angler Exploit Kit.
“The campaign underscores the vital role that smart browsing plays in staying secure online. One of the most important things users can do is to decrease what researchers refer to as their 'attack surface,'” the Ars Technica article's author Dan Goodin explained. Goodin said that to avoid malvertising, readers need to uninstall third-party browser extensions such as Adobe Flash and Oracle Java unless they are absolutely necessary.
According to Malwarebytes, malvertising activity had been waning in recent weeks, so the uptick it saw over the weekend was unusual and unexpected. Not only did the malvertising hit a list of high-profile publishers, but per Ars Technica, the ads may have exposed tens of thousands of people over the weekend alone.