This article is more than 1 year old
You've been Drudged! Malware-squirting ads appear on websites with 100+ million visitors
eBay, Drudge Report, etc inadvertantly carry evil adverts
Internet lowlifes who used Yahoo! ads to infect potentially countless PCs with malware have struck again – using adverts on popular websites to reach millions more people.
Security researchers at MalwareBytes this week discovered the crooks running another massive campaign of ads that use the Angler Exploit Kit to infiltrate Windows PCs via vulnerabilities in Adobe Flash and web browsers.
Prominent websites including the Drudge Report and Weather.com – a pair of sites whose total traffic alone amounts to nearly 200 million visits per month – were apparently inadvertently carrying the ads, putting millions of netizens at risk.
MalwareBytes said the network carrying the ads, AdSpirit, was notified, and it has since taken down the offending adverts. The campaign has now moved to AOL's ad network, with dodgy adverts appearing on eBay, we're told.
Like the attacks spotted last week on Yahoo! sites, the malicious ads silently load, through a chain of web redirects, script code that attempts to exploit software vulnerabilities in the visiting PC to install either an adware package or the CryptoWall ransomware.
As soon as the ad is loaded on the page, the attack is attempted without any click or interaction from the user. Disabling Flash or setting the plugin into "click-to-play" mode will slash the risk of attack. Keeping fully up-to-date with security patches will also help: the exploit kits tend to target old-day rather than zero-day vulnerabilities.
A similar malvertising attack from the CryptoWall gang was spotted in 2014, when Yahoo! was once again used to serve up the attack ads. Such operations do not involve infecting the ad networks themselves, but rather duping the networks into serving files that contain the exploit code.
"I think supporting free content is fine but not with the kind of risk it entails. People already hate ads, and we really didn’t need another incentive to block them," said MalwareBytes senior security researcher Jérôme Segura.
"The popularity of ad blockers may really force the ad industry’s hand to change how they go about advertising." ®