The New York Times, the BBC and MSN are the latest high-profile websites to be hit by advertisement-driven malware. The malware campaign spreads through a shared advertising program and propagates an increasingly popular type of ransomware. Ransomware is a type of malware that encrypts a user's computer data and makes it nearly impossible to recover without paying a hefty fee.
The malicious advertisements were served up to users in the United States over the past weekend. The full list of affected websites is extensive and includes msn.com, nytimes.com, bbc.com, aol.com, my.xfinity.com, nfl.com, realtor.com, theweathernetwork.com, thehill.com and newsweek.com. Affected networks included those owned by Google, AppNexus, AOL and Rubicon. This is not the first time high-profile websites have been hit by malware, but it might be one of the most widespread attacks. Trend Micro reported that as of Monday, the malware had been removed from the highest-profile websites, but the campaign is still in effect on some smaller websites.
Malware spread through advertising campaigns has become increasingly common in recent years because of the ease of distribution. Instead of hijacking a single website, malware-laced advertisements have access to every website on a marketing network. Because the malicious advertisements are mixed in with legitimate ones, the source is difficult to discover, which benefits the authors. By the time researchers are able to link the malware to a single group of advertisements, it has already been shown to hundreds or even thousands of users.
The malware used in advertisement campaigns often capitalizes on users with outdated versions of Adobe Flash, Java or Silverlight. Many third-party browser plugins can also allow malware to compromise systems that would otherwise be inaccessible. By exploiting security holes in these programs, the malware can often compromise users without relying on any additional tricks. Simply visiting a website that hosts the malware can be enough to become infected. In the past it was enough to advise users to avoid suspicious-looking websites, but as mainstream websites become the new hotspot for malware, caution is no longer enough.
This malware campaign emphasizes the importance of staying on top of security patches and being aware of malware attack vectors. System and software patches are released regularly by Microsoft and other software manufacturers. It is essential that you perform timely updates and regular backups of your most important data. Also, if applications such as Flash and Java are not crucial to your day-to-day work requirements, it may be time to uninstall these common malware attack vectors.
– Richard Keene
IT Computer Support of New York
Webmaster and Lead Designer