Online advertisements can be annoying. But what if they spread malware too? The excessive greed of a few has led to the rise of malvertising: advertisements that redirect or lead to malware. A recent Zscaler study revealed that several compromised websites contained ads that led to ransomware.
Compromised websites lead to drive-by-download attacks serving ransomware
In these attacks, the malicious payload is delivered to vulnerable systems using a popular technique known as drive-by download. Essentially, compromised websites host the Magnitude exploit kit (a community name chosen for an exploit kit previously referred to as “Popads”), which drops malware onto the system using vulnerabilities found in the browser.
The following websites were found to redirect to malicious content:
The malvertising networks lead to redirector domains using “302 cushioning”, i.e. bouncing the visitor through a chain of HTTP 302 redirections, in order to avoid detection.
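A defender can spot this pattern in web-proxy logs by reconstructing each client's 302 hops and flagging chains that bounce across several hosts before landing. The following is an added example, not code from the original post or from Zscaler; it assumes a hypothetical log format (client, method, URL, status, Location header) and uses constructed placeholder hostnames rather than any domains from the study.

```python
import re
import urllib.parse

# Constructed sample proxy log (not from the Zscaler study); hostnames are placeholders.
# Columns: client, method, url, status, Location header ('-' when absent).
SAMPLE_LOG = """\
10.0.0.5 GET http://news.example/article 200 -
10.0.0.5 GET http://ads.example/serve?id=1 302 http://hop1.example/r
10.0.0.5 GET http://hop1.example/r 302 http://hop2.example/x
10.0.0.5 GET http://hop2.example/x 302 http://landing.example/index.php
10.0.0.5 GET http://landing.example/index.php 200 -
10.0.0.7 GET http://shop.example/cart 302 http://shop.example/login
10.0.0.7 GET http://shop.example/login 200 -
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3}) (\S+)$")

def parse_log(text):
    """Parse the constructed format into (client, url, status, location) tuples."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            client, _method, url, status, location = m.groups()
            records.append((client, url, int(status), None if location == "-" else location))
    return records

def redirect_chains(records):
    """Follow each client's 302 hops from a chain head; returns (client, [urls]) pairs."""
    by_key = {(c, u): (s, loc) for c, u, s, loc in records}
    targets = {(c, loc) for c, _, s, loc in records if s == 302 and loc}
    chains = []
    for client, url, status, loc in records:
        if status != 302 or (client, url) in targets:
            continue  # only start from the first hop of a chain
        chain, cur = [url], loc
        while cur and cur not in chain:  # stop when hops run out or loop back
            chain.append(cur)
            nxt = by_key.get((client, cur))
            cur = nxt[1] if nxt and nxt[0] == 302 else None
        chains.append((client, chain))
    return chains

def suspicious_chains(records, min_hosts=3):
    """Flag chains that bounce through at least min_hosts distinct hosts via 302s."""
    return [(c, chain) for c, chain in redirect_chains(records)
            if len({urllib.parse.urlsplit(u).hostname for u in chain}) >= min_hosts]
```

The ordinary same-site redirect (cart to login) is left alone, while the three-host bounce from the ad server to the landing page is reported for review.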
The “magnitude” of damage
As stated by Zscaler:
“This is a highly profitable ransomware payload that leverages Bitcoin transactions executed over the Tor Anonymizer to monetize the attack. Threat Actors utilize this method of collection because it can’t be reliably traced back to them. Victims are especially vulnerable to this type of extortion since very few people seem to backup their critical files such as documents and pictures.”
As with any ransomware attack, backups are a lifesaver here. We strongly recommend making regular backups of your data and running up-to-date malware protection to keep malvertising strikes at bay.
Have a nice (malware-free) day!