Popular Hollywood celebrity gossip website Perez Hilton has been hacked, exposing visitors to the CryptXXX ransomware. The website was found to be redirecting visitors to the Angler Exploit Kit, which has recently become one of the most popular cybercrime tools used by hackers to deploy ransomware.
Security researcher Nick Bilogorskiy of Cyphort Labs recently uncovered the breach. He pointed out that this was not the first time the website had been targeted by hackers. In this case, however, the malvertising campaign was redirecting over 500,000 of the website's daily visitors to Angler's landing page, which in turn dropped the Bedep malware, which would then download the CryptXXX ransomware and infect the user's system with it.
The redirection domain identified by Bilogorskiy — som.barkisdesign.com — is also believed to be involved in a separate malvertising campaign, which targeted, among others, CBS television stations as well as GoDaddy accounts in early April.
"Malvertising continues to be one of the preferred vectors for attackers to compromise users' machines with malware," said Bilogorskiy. "Malvertising is effective because users tend to trust mainstream, high-trafficked 'clean' websites. The attackers abuse this trust to infect them via third-party ad content."
He also pointed out that users have begun to "fight back" with ad blockers. However, while ad blockers may protect users from potential malvertising attacks in some cases, the blowback has resulted in publishers losing an estimated $22bn (£15bn) in 2015.
In related news, the moderators of popular tech discussion forum Reddit are now considering banning publishers that force users to disable ad-blockers from their site, in order to protect their visitors from potential malvertising attacks. Such a ban would have a powerful impact on publishers who, to a certain extent, are dependent on discussion forums like Reddit to promote their content.