The same CyberCriminals that infected the Yahoo site a few weeks ago, have struck again. This time, infecting sites like DrudgeReport.com and Weather.com. Both sites have hundreds of millions of visitors per month, and both were serving poisoned web ads to their visitors, which either dropped CryptoWall ransomware or infected the person’s PC with adware.
How It Works
Website advertisers do not sell their website ad-space to one website at a time. Websites that want to make money, sell their advertising space to an Ad Network. Advertisers sign contracts with Ad Networks, which then displays the ads on the websites that they bought ad-space on. The Ad Network sits in the middle between the advertisers and the websites, and they manage the traffic and the payments.
CyberCriminals fool the Ad Networks into thinking that they are a legitimate advertiser, but the ads they give the Ad Network to display are Poisoned. Once an ad network is subverted, hundreds of millions of poisoned ads are displayed in real-time. Many of these ads initiate a drive-by attack without you having to do anything. If you browse to a page with a Poisoned ad on it, it runs the risk of having your PC encrypted with ransomware (which will cost you a minimum of $500 to rid yourself of, unless you have a very recent backup!). The attack infects the computer literally in seconds.
What to Do
For Single Computers:
- Disable “Adobe Flash” on your computer. Or, at least set the Adobe Flash plug-in to “click-to-play” mode – which blocks the automatic infections.
- Update your security patches, and install them as soon as they come out. A majority of infections are due to security patches not being updated.
- Download and install “Ad Blocker” plug-ins for your browser. These prevent the ads from being displayed in your browser to begin with. With the massive increase of PC infections, ad blockers are becoming increasingly popular.
For Computer Networks:
- Get rid of “Adobe Flash” altogether. This is a frequent solution for many businesses.
- Deploy ad blockers using group policy. Here is a forum post at the AdBlockPlus site where it is explained how this can be done: https://adblockplus.org/forum/viewtopic.php?t=29880
Not sure if your company is safe? Ask us for a FREE Network Security Assessment!
Check out our “Email Red Flags” for what to watch for, in suspicious emails.
Ask us about our “Core Security Solutions” package!