Petronella Blog Archive

Visit our New Blog

Massive Malware Attack on Major Websites

Blog Post

Over the weekend, some of the world's biggest websites and media organizations got hit by attack of malicious banner ads. Sites for groups like The New York Times, AOL, the BBC, MSN, Xfinity, NFL, The Weather Network, The Hill, and Newsweek have all been affected with it.  It quickly spread to answers.com, zerohedge.com, infolinks.com, and realtor.com. When clicked on, these ads attempt to install malware, including crypto ransomware on visitors' computers.

According to Trend Micro, tens of thousands of people could have been infected just in the last 24 hours. Starting last week, a toolkit called Angler that sells exploits for Adobe Flash, Microsoft Silverlight, and other Internet programs started sending out infected ads.

Within the code for these ads is a long list of security products which was being used to avoid detection. If none of these security measures are found the visitor is lead to an Angler landing page. From there the unsuspecting computer is infected with both the Bedep Trojan virus and TeslaCrypt ransomware.

It appears that whoever is responsible for the attack is doing so by snatching up expired domain names that have the word "media"  in them, thus taking advantage of the reputation of a legitimate site and by pushing the malware through these domains whose ad network is compromised.

Though TeslaCrypt only infects Windows users, after last week's discovery of Mac-based ransomware and the scope of this attack, everyone should take notice. For now it would probably be a good idea for anyone browsing the web to remove any third-party browser extensions including Adobe Flash, Oracle Java, Microsoft Silverlight, unless you absolutely need them. Windows users who aren't using Windows 10 should consider upgrading and running Microsoft's Enhanced Mitigation Experience Toolkit.  Anyone browsing the Web should use the  64-bit version of Chrome and make sure they install all updates when they come out.