GoDaddy Sites Hijacked By Malvertising Attack

Visitors to the website of two US TV stations were unwittingly subjected to malvertising attacks that could have infected their PCs with dangerous malware and could affect other sites hosted with hosting provider GoDaddy.

Malwarebytes detected that two CBS-affiliated stations using GoDaddy website accounts were compromised in the attack, which was caused by the well-known Angler exploit kit.

And the security firm has now warned that many other GoDaddy users could also be at risk from having their accounts hijacked due to weak passwords.

Tuned in

The two affected stations were named by Malwarebytes as KMOV in St. Louis and WBTV in Charlotte, North Carolina. Both used Taggify and GoDaddy domains, which were hijacked to create various subdomains pointing to malicious servers which host malware.

These subdomains, which hosted the advertising content, were able to switch between a ‘clean’ version of the site and an infected version where users visiting the site were shown malicious ads.

A ‘rogue advertiser’ is suspected as being the culprit, Malwarebytes says, having subverted the Taggify self-serve ad platform to put unsuspecting viewers at risk.

The company has warned that under-strength passwords could pose a risk to many other users too.

“GoDaddy is one of the world’s largest registrars and, as such, it will experience many attacks against its platform across the globe”, Malwarebytes’ Jérôme Segura told TechWeekEurope.

“However, the weakness comes from website owners who have chosen poor passwords or have had their machines compromised.

“Trojans will harvest passwords stored in FTP clients or other software used to administer a site. Without the owner’s knowledge, attackers now possess the credentials to alter a site’s settings allowing them to make DNS changes, add subdomains, and so on.”

GoDaddy has been hit by major attacks before, most notably in 2012, when hackers affiliated to Anonymous took down the company’s entire operation, meaning millions of customers were left without access for several hours.

Malvertising has also become a growing threat in the online security space as hackers look for ever more ways to attack unsuspecting users, with previous Malwarebytes research finding that the UK is the world’s third-largest market for malvertising infections, behind only the US and Canada.

In March, major online publishers including the BBC, AOL and MSN were hit by an attack that installed potentially harmful adverts that could install ransomware or other malware on unsuspecting users’ devices if clicked on.

TechWeekEurope has contacted GoDaddy.

What do you know about Internet security? Find out with our quiz!

Mike Moore

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.

Recent Posts

Microsoft Xbox Marketing Chief Leaves For Roblox

Microsoft loses Xbox marketing chief amidst executive changes in company's gaming division, broader layoffs and…

10 hours ago

YouTube Test Community ‘Notes’ Feature For Added Context

YouTube begins testing Notes feature that allows selected users to add contextual information to videos,…

10 hours ago

FTC Sues Adobe Over Hidden Fees, Termination ‘Resistance’

US regulator sues Photoshop maker Adobe over large, hidden termination fees, intentionally difficult cancellation process

11 hours ago

Tencent To Ban AI Avatars From Livestream Commerce

Chinese tech giant Tencent to ban AI hosts from livestream video platform as it looks…

11 hours ago

TikTok US Ban Appeal Gets 16 September Court Date

Action by TikTok, ByteDance and creators against US ban law gets 16 September hearing date,…

12 hours ago

US Surgeon General Calls For Warning Labels On Social Media

US surgeon general calls for cigarette-style warning labels to be shown on social media advising…

13 hours ago