Major sites including New York Times and BBC hit by ‘ransomware’ malvertising

Major sites including New York Times and BBC hit by ‘ransomware’ malvertising
Olympus has fallen.

A number of major news websites have seen adverts hijacked by a malicious campaign that attempts to install “ransomware” on users computers, according to a warning from security researchers Malwarebytes.

The attack, which was targeted at US users, hit websites including the New York Times, the BBC, AOL and the NFL over the weekend. Combined, the targeted sites have traffic in the billions of visitors.

The malware was delivered through multiple ad networks, and used a number of vulnerabilities, including a recently-patched flaw in Microsoft’s former Flash competitor Silverlight, which was discontinued in 2013.

When the infected adverts hit users, they redirect the page to servers hosting the malware, which includes the widely-used (amongst cybercriminals) Angler exploit kit. That kit then attempts to find any back door it can into the target’s computer, where it will install cryptolocker-style software, which encrypts the user’s hard drive and demands payment in bitcoin for the keys to unlock it.

Continue reading →


Commenting Policy

We have no tolerance for comments containing violence, racism, vulgarity, profanity, all caps, or discourteous behavior. Thank you for partnering with us to maintain a courteous and useful public environment where we can engage in reasonable discourse.

You may use HTML in your comments. Feel free to review the full list of allowed HTML here.