‘Malvertising’ attack came from advert on Huffington Post and several other news sites
Cybercrime is apparently looking to refresh its image for the summer season following the discovery of a new type of fashion-related malware.
Security firm Malwarebytes has revealed its researchers discovered a malicious advert on several leading news sites (including the Huffington Post) for famous menswear brand Hugo Boss.
This advert was used to deliver the Cryptowall ransomware via a Flash exploit, which when clicked on, downloaded the malware onto computers running outdated versions of Flash.
Don’t click this ad
Malwarebytes says that this Hugo Boss-themed attack is different to many other Flash-related exploits in that the advert itself (which could be for any brand) is also used as the exploit. This is the work of the Flash EK, which likes the ‘two birds, one stone’ approach.
The ad was loaded by a third-party advertiser (servedbyadbutler.com), meaning the criminals must have won the trust of an ad agency before packaging the exploit in the advert itself – a risky move when involving a third party.
‘Malvertising’ threats have proven to be a growing area in the cybersecurity field over the past few years as more and more sites depend on adverts for revenue.
A number of big names have seen their sites hit by some exploits, including celebrity chef Jamie Oliver, whose website was discovered to be serving up an unappetising dish of malware by Malwarebytes earlier this year.
Last year, research from a newly formed security intelligence group at Cisco revealed a large malvertising network that impacted well-known domains, including Amazon, Yahoo and YouTube.
How much do you know about hacking? Take our quiz!