Yahoo & AOL Visitors Hit by Ransomware
Security research firm Proofpoint is reporting that recent visitors to sites such as Yahoo & AOL may have been infected with ransomware through malvertisements.
What did Proofpoint detect?
Without having to click on anything, visitors to the impacted websites may be stealthily infected with the CryptoWall 2.0 ransomware. Using Adobe Flash, the malvertisements silently “pull in” malicious exploits from the FlashPack Exploit Kit. The exploits attack a vulnerability in the end-users’ browser and install CryptoWall 2.0 on end-users’ computers. Similar to the behavior of other “ransomware,” CryptoWall then encrypts the end-users’ hard drive and will not allow access until the victim pays a fee over the Internet for the decryption key. Typically, the end-users face an escalating time deadline; failure to pay by the deadline results in their hard drives being permanently encrypted, thus rendered effectively useless, with all information inaccessible.
Which websites were impacted?
Proofpoint detected that the following large websites were serving malvertisements which delivered the FlashPack exploit kit to visitors. The sites themselves were not compromised; rather, the advertising networks upon which they relied for dynamic content were inadvertently serving malware – which in turn, was not due to an explicit compromise of the networks; rather, it was due to the networks accepting ads from a malicious source without screening detection. The sites’ domain and Alexa rankings are displayed in parenthesis after each in order to provide context of potential end-user impact. All told, more than 3 million visitors per day were potentially exposed to this malvertising campaign.
Yahoo! Finance, Fantasy and Sports (yahoo.com, Global 4, US 4),
AOL (realestate.aol.com, US 37, Global 119),
The Atlantic ( theatlantic.com, US 386, Global 1,206),
9GAG (9gag.com, US 528, Global 201,),
match.com (US 203, Global 631),
The Sydney Morning Herald (www.smh.com.au, Australia 13, Global 780),
realestate.com.au (Australia 17, Global 1,656),
The Age (theage.com.au, Australia 34),
stuff.co.nz (New Zealand 9),
societe.com (France 54, Global 1,649),
Dumpert (dumpert.nl, Netherlands 24),
Flirchi (flirchi.com, India 106, Global 1,129),
Weatherzone Australia (weatherzone.com.au, Australia 111),
Brisbane Times (brisbanebrisbanetimes.com.au, Australia 183),
RSVP (rsvp.com.au, Australia 351),
The Canberra Times (canberratimes.com.au, Australia 403),
Time Out (US 1,145, Global 1,816),
The Beacon-News (beaconnews.suntimes.com, US 1,178),
Merca2.0 (merca20.com, Mexico 229),
clicccar.com (Japan 1,124),
iPhone for Hong Kong (iphone4hongkong.com, HK 112),
Noticias Argentinas (noticiasargentinas.com, Argentina 784)
1,323 total views, 1 views today