Malvertisements Spread Ransomware Through Yahoo And AOL


Security researchers at Proofpoint have detected malvertisements (malware advertisements) that infect users' PCs and then install ransomware on them.

Users get infected by visiting a legitimate site that is serving malicious advertisements. The ransomware then encrypts the hard drive and will not allow access until the victim pays a fee over the Internet for the decryption key.

HOW?
Using Adobe Flash, the advertisements silently “pull in” malicious exploits from the FlashPack Exploit Kit. The exploits attack a vulnerability in the end user's browser and install CryptoWall 2.0 ransomware on the end user's computer.

Typically, end users face an escalating deadline; failure to pay by the deadline results in their hard drives being permanently encrypted and thus rendered effectively useless, with all information inaccessible.

Which Websites Are Serving Malicious Advertisements?
According to Proofpoint, the impacted sites are yahoo.com, realestate.aol.com, theatlantic.com, 9gag.com, match.com, www.smh.com.au, realestate.com.au, theage.com.au, stuff.co.nz, societe.com, dumpert.nl, flirchi.com, weatherzone.com.au, brisbanebrisbanetimes.com.au, rsvp.com.au, canberratimes.com.au, beaconnews.suntimes.com, merca20.com, clicccar.com, iphone4hongkong.com and noticiasargentinas.com. The sites themselves were not compromised, however.


Security Measures
1. Disable Flash Player in your browsers. If you want to watch YouTube videos, use the HTML5 player.
2. Install Malwarebytes Anti-Exploit.
3. Browse the impacted websites with caution.
4. Implement Internet safety techniques.
