Yahoo & AOL Visitors Hit by Ransomware

Yahoo & AOL Visitors Hit by Ransomware

Security research firm Proofpoint is reporting that recent visitors to sites such as Yahoo & AOL may have been infected with ransomware through malvertisements.

What did Proofpoint detect?

Without having to click on anything, visitors to the impacted websites may be stealthily infected with the CryptoWall 2.0 ransomware. Using Adobe Flash, the malvertisements silently “pull in” malicious exploits from the FlashPack Exploit Kit. The exploits attack a vulnerability in the end-users’ browser and install CryptoWall 2.0 on end-users’ computers. Similar to the behavior of other “ransomware,” CryptoWall then encrypts the end-users’ hard drive and will not allow access until the victim pays a fee over the Internet for the decryption key. Typically, the end-users face an escalating time deadline; failure to pay by the deadline results in their hard drives being permanently encrypted, thus rendered effectively useless, with all information inaccessible.


Which websites were impacted?

Proofpoint detected that the following large websites were serving malvertisements which delivered the FlashPack exploit kit to visitors. The sites themselves were not compromised; rather, the advertising networks upon which they relied for dynamic content were inadvertently serving malware – which in turn, was not due to an explicit compromise of the networks; rather, it was due to the networks accepting ads from a malicious source without screening detection. The sites’ domain and Alexa rankings are displayed in parenthesis after each in order to provide context of potential end-user impact. All told, more than 3 million visitors per day were potentially exposed to this malvertising campaign.

Yahoo! Finance, Fantasy and Sports (yahoo.com, Global 4, US 4),
AOL (realestate.aol.com, US 37, Global 119),
The Atlantic ( theatlantic.com, US 386, Global 1,206),
9GAG (9gag.com, US 528, Global 201,),
match.com (US 203, Global 631),
The Sydney Morning Herald (www.smh.com.au, Australia 13, Global 780),
realestate.com.au (Australia 17, Global 1,656),
The Age (theage.com.au, Australia 34),
stuff.co.nz (New Zealand 9),
societe.com (France 54, Global 1,649),
Dumpert (dumpert.nl, Netherlands 24),
Flirchi (flirchi.com, India 106, Global 1,129),
Weatherzone Australia (weatherzone.com.au, Australia 111),
Brisbane Times (brisbanebrisbanetimes.com.au, Australia 183),
RSVP (rsvp.com.au, Australia 351),
The Canberra Times (canberratimes.com.au, Australia 403),
Time Out (US 1,145, Global 1,816),
The Beacon-News (beaconnews.suntimes.com, US 1,178),
Merca2.0 (merca20.com, Mexico 229),
clicccar.com (Japan 1,124),
iPhone for Hong Kong (iphone4hongkong.com, HK 112),
Noticias Argentinas (noticiasargentinas.com, Argentina 784)

http://www.proofpoint.com/threatinsight/posts/malware-in-ad-networks-infects-visitors-and-jeopardizes-brands.php

237 total views, 1 views today

(Visited 111 times, 1 visits today)

6 thoughts on “Yahoo & AOL Visitors Hit by Ransomware

  1. Anyone caught in this should forward the bill to A.O.L. and/or Yahoo since it was their negligence to not screen the advertisers. Maybe if it costs THEM money they will be a little more careful with who they let advertise.

    This is right up there with the mess at Home Depot. They are being charged with Criminal Negligence.

  2. I use AdBlock Plus, and never see ads in the first place. I don’t think the malads will affect me in this way, but there’s always a first time …

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.