You've been Drudged! Malware-squirting ads appear on websites with 100+ million visitors

[Batu69]

eBay, Drudge Report, etc inadvertantly carry evil adverts

Internet lowlives who used Yahoo! ads to infect potentially countless PCs with malware have struck again – using adverts on popular websites to reach millions more people.

Security researchers at MalwareBytes this week discovered the crooks running another massive campaign of ads that use the Angler Exploit Kit to infiltrate Windows PCs via vulnerabilities in Adobe Flash and web browsers.

Prominent websites including the Drudge Report and Weather.com – a pair of sites whose total traffic alone amounts to nearly 200 million visits per month – were apparently carrying the ads, putting millions of netizens at risk.

MalwareBytes said the network carrying the ads, AdSpirit, was notified, and it has since taken down the offending adverts. The campaign has now moved to AOL's ad network, with dodgy adverts appearing on eBay, we're told.

Like the attacks spotted last week on Yahoo! sites, the malicious ads silently load, through a chain of web redirects, script code that attempts to exploit software vulnerabilities on the visiting PC, and install either an adware package or the CryptoWall ransomware.

As soon as the ad is loaded on the page, the attack is attempted without any click or interaction from the user. Disabling Flash or setting the plugin into "click-to-play" mode will slash the risk of attack. Keeping fully up-to-date with security patches will also help: the exploit kits tend to target old-day rather than zero-day vulnerabilities.

A similar malvertising attack from the CryptoWall gang was spotted in 2014, when Yahoo! was once again used to serve up the attack ads. Such operations do not involve infecting the ad networks themselves, but rather duping the networks into serving files that contain the exploit code.

"I think supporting free content is fine but not with the kind of risk it entails. People already hate ads, and we really didn’t need another incentive to block them," said MalwareBytes senior security researcher Jérôme Segura.

"The popularity of ad blockers may really force the ad industry’s hand to change how they go about advertising."

Source

[CODYQX4]

At this point I believe zero browser plugins, and a highly potent adblocker, is a vastly more effective security tool than AV. Most people get duped, and hey, when Google pushes malware to the top as ads when you search for an app, what do you expect?

[AR_Alex]

You could always check the task manager while browsing a suspicious website. There you will see something that's not supposed to spike up, will. This will stop any malware from running/ installing in your computer, but you need to have a good eye.

[straycat19]

At this point I believe zero browser plugins, and a highly potent adblocker, is a vastly more effective security tool than AV. Most people get duped, and hey, when Google pushes malware to the top as ads when you search for an app, what do you expect?

Totally agree, though I do use a few plugins with an adblocker and no installed AV software. Additionally, I have blocked installs from the Appdata folder. It can be a pain when a software upgrade is automatically downloaded and then cannot run but will save you from all the malicious junk you might come across.