Major news-sites hit with large-scale malvertising campaign


Authored by a Symantec employee

 

Just when you think the Angler Exploit Kit is wreaking havoc to its full potential, it surprises us by getting more aggressive.

Last weekend, several mainstream websites fell victim to a massive malvertising campaign. The tainted ads on these websites may have directed thousands of unsuspecting users to a landing page hosting the notorious Angler Exploit Kit, a kit that stealthily installs crypto-ransomware and other malware on computers.

What is Malvertising?

Malvertising, short for malicious advertising, uses legitimate online advertising services to spread malware. It involves placing malware-infected advertisements on regular web pages through authentic online advertising networks in order to infect a device through the web browser.

What is an Exploit Kit?

An exploit kit gives cyber criminals a channel to communicate with your system and feed it code that carries different types of commands. These kits are big money in the underground economy.

How does it all work?

Once someone lands on the ad, they are redirected to the landing page carrying the Angler Exploit Kit. There, the kit checks for vulnerabilities and attempts to install the ransomware. If the ransomware is installed, it encrypts files on the user’s computer, and a ransom note appears demanding payment in the form of bitcoins for the release of the files. A user does not need to click on a pop-up in order to get redirected.

How can I protect myself?

  • Users are advised to make sure that they keep their applications and systems up-to-date with the latest security patches; Angler Exploit Kit is known to exploit vulnerabilities in systems that don’t have the latest updates.
  • Always keep your security software up to date to protect yourself against any new variants of malware. Norton Security Premium has always been at the forefront of early detection and prevention of malicious attacks.
  • Regularly back up any files stored on your computer. If your computer does become infected with ransomware, your files can be restored once the malware has been removed.
  • If you suspect that a site you use has been compromised, notify the site’s administrator as soon as possible to prevent the attack from spreading further.

