Major news-sites hit with large-scale malvertising campaign
Authored by a Symantec employee
Just when you think the Angler Exploit Kit is wreaking havoc to its full potential, it surprises us by getting more aggressive.
Last weekend several mainstream websites, fell victim to a massive malvertising campaign. The tainted ads in these websites may have directed thousands of unsuspecting users to a landing page hosting the notorious Angler Exploit Kit, a kit that stealthily installs crypto-ransomware and other malware on computers.
What is Malvertising?
Malvertising is a shortened term for malicious advertising, and uses legitimate online advertising services to spread malware. Malvertising requires placing malware infected advertisements on regular web pages through authentic online advertising networks in order to infect a device through the web browser.
What is an Exploit Kit?
An exploit kit opens a medium for cyber criminals to communicate with your system and feed it codes that include different types of commands. These kits are big money in the underground economy.
How Does it all work?
Once someone lands on the ad they are then redirected to the landing page carrying the Angler Exploit Kit. Here it checks for vulnerabilities and attempts to install the ransomware. If it is installed, it encrypts files on the user’s computer and a ransom note appears demanding payment in form of bitcoins for the release of files. A user does not need to click on a pop-up in order to get redirected.
How can I protect myself?
- Users are advised to make sure that they keep their applications and systems up-to-date with the latest security patches; Angler Exploit Kit is known to exploit vulnerabilities in systems that don’t have the latest updates.
- Always keep your security software up to date to protect yourself against any new variants of malware. Norton Security Premium has always been in the forefront of early detection and prevention of malicious attacks.
- Regularly back up any files stored on your computer. If your computer does become infected with ransomware, your files can be restored once the malware has been removed.
- If you suspect that a site you use has been compromised, notify the site’s administrator as soon as possible to prevent the attack from spreading further.
Editorial note: Our articles provide educational information for you. Norton LifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.
Norton by Symantec is now Norton LifeLock. LifeLock™ identity theft protection is not available in all countries.
Copyright © 2019 Symantec Corporation. All rights reserved. Symantec, the Symantec logo, the Checkmark logo, Norton, Norton by Symantec, LifeLock and the LockMan logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the United States and other countries. App Store is a service mark of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution Licence. Other names may be trademarks of their respective owners.