Jump to content
Our website is made possible by displaying online advertisements to our visitors.

Please consider supporting us by disabling your ad blocker.
Sign in to follow this  

Big-Name Sites Hit By Rash Of Malicious Ads Spreading Crypto Ransomware

Rate this topic

Recommended Posts

 rbear    240

Normally I wouldn't write about things like this, however, its really scarry out there. Take for instance just visiting a news site can install these things.. I have bolded what I have been infected with before for about 8 months or more before, finally detecting it. It was auto installed numerous times, sometimes without any ability to stop it. Basically, file dl's automatically from just visiting a website, auto opens and installs ???. You go back to look for the files wherever, they are not there. Every now and then the original dl is there, other times it self deletes. Anyhow you get the idea.., on to the story. Also somehow the json files auto scan and infect your products with non legit updates, presumably to take your clipboard.


Mainstream websites are falling victim to a new rash of malicious ads that attempt to surreptitiously install crypto ransomware and other malware on the computers of unsuspecting visitors, security firms warned. 

The tainted ads may have exposed tens of thousands of people over the past 24 hours alone, according to a blog post published Monday by Trend Micro. The new campaign started last week when "Angler," a toolkit that sells exploits for Adobe Flash, Microsoft Silverlight, and other widely used Internet software, started pushing laced banner ads through a compromised ad network. 

According to a separate blog post from Trustwave's SpiderLabs group, one JSON-based file being served in the ads has more than 12,000 lines of heavily obfuscated code. When researchers deciphered the code, they discovered it enumerated a long list of security products and tools it avoided in an attempt to remain undetected. 

"If the code doesn't find any of these programs, it continues with the flow and appends an iframe to the body of the html that leads to Angler EK [exploit kit] landing page," SpiderLabs researchers Daniel Chechik, Simon Kenin, and Rami Kogan wrote. "Upon successful exploitation, Angler infects the poor victim with both the Bedep trojan and the TeslaCrypt ransomware–double the trouble." 


Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up to our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this  

  1. Jump To Top