Popular publishing websites, including The New York Times, the BBC, MSN, and AOL, have fallen victim to a wave of malicious ads that attempt to install crypto ransomware and other malware on the computers of unsuspecting visitors, security firms have warned. The campaign is reportedly targeting users in the US and stems from a compromised ad network that serves ads on these highly visited mainstream websites.
The ransomware is being spread through the Angler exploit kit, a toolkit that sells exploits for Adobe Flash, Microsoft Silverlight, and other widely used internet software. It has grown into one of the most popular tools designed by cyber criminals to be sold for conducting cyber attacks.
In this scenario, once a user visits a page that loads the malicious ad, the ad automatically redirects to two malvertising servers, the second of which delivers the Angler exploit kit. The kit can then infect the user with ransomware, which demands payment to release their data.
According to the Malwarebytes security blog, these mainstream sites are receiving the malware from domain names associated with compromised ad networks, and the attacks are currently flowing from two suspicious domains, trackmytraffic[.]biz and talk915[.]pw. While many popular portals appear to be no longer carrying the bad ad, the malvertising campaign is still running and continues to put users at risk of downloading malware onto their systems.
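For defenders, the two domains named above can be checked against web proxy logs to find clients that followed the redirect chain. The following is an added example, not code from the article or from the firms it cites; the log format (timestamp, client IP, URL, referer) and every sample line are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Domains named in the article, kept defanged as they are normally shared.
DEFANGED_IOCS = ["trackmytraffic[.]biz", "talk915[.]pw"]

def refang(indicator):
    """Turn a defanged indicator (hxxp, [.], (.), [dot]) into a plain hostname."""
    s = indicator.strip().lower()
    s = re.sub(r"^hxxp", "http", s)
    s = re.sub(r"\[\.\]|\(\.\)|\[dot\]", ".", s)
    host = urlsplit(s if "://" in s else "//" + s).hostname
    return host.rstrip(".")

def host_matches(host, ioc_hosts):
    """Return the IoC that host equals or is a subdomain of, else None."""
    host = (host or "").lower().rstrip(".")
    for ioc in ioc_hosts:
        # Exact or dot-bounded suffix match, so 'nottalk915.pw' does not hit.
        if host == ioc or host.endswith("." + ioc):
            return ioc
    return None

def find_hits(log_lines, defanged=DEFANGED_IOCS):
    """Scan 'timestamp client_ip url referer' lines; group IoC hits by client."""
    iocs = [refang(i) for i in defanged]
    hits = {}
    for line in log_lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # skip malformed or truncated lines
        ts, client, url, referer = parts[:4]
        ioc = host_matches(urlsplit(url).hostname, iocs)
        if ioc:
            hits.setdefault(client, []).append((ts, ioc, referer))
    return hits

# Constructed sample proxy log (format and all values made up for this example).
SAMPLE_LOG = [
    "2016-01-01T10:00:01Z 10.0.0.5 http://news.example/article http://news.example/",
    "2016-01-01T10:00:02Z 10.0.0.5 http://ads.trackmytraffic.biz/b?id=1 http://news.example/article",
    "2016-01-01T10:00:03Z 10.0.0.5 http://TALK915.pw./land http://ads.trackmytraffic.biz/b?id=1",
    "2016-01-01T10:00:04Z 10.0.0.9 http://nottalk915.pw/ -",
    "2016-01-01T10:00:05Z 10.0.0.9 http://cdn.example/?u=trackmytraffic.biz -",
    "truncated-line",
]

if __name__ == "__main__":
    for client, events in find_hits(SAMPLE_LOG).items():
        print(client, sorted({ioc for _, ioc, _ in events}), events)
```

A client that appears with both domains, with the first as the referer of the second, matches the two-server redirect described above and is the one to prioritize for endpoint triage.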
Software security company Trend Micro says the tainted ads may have already exposed tens of thousands of people, and the campaign may have originated last week when Angler started pushing laced banner ads through the compromised ad network. To make things worse, the Angler exploit kit has reportedly been updated to exploit additional vulnerabilities.
How to prevent
To avoid falling prey to this attack, users can decrease what researchers refer to as their "attack surface." This would require uninstalling applications and software like Adobe Flash, Oracle Java, Microsoft Silverlight, and other third-party browser extensions unless absolutely required.
Users should also install updates for the affected apps as soon as they become available and use the 64-bit version of Chrome for browsing when possible. Experts say Windows users who are running Windows 10 are on safer ground and can use Microsoft's Enhanced Mitigation Experience Toolkit.
Only recently, new malicious software targeting Apple's Mac computers was discovered. Ransomware is slowly becoming one of the fastest-growing cyber threats.