GoDaddy Sites Hijacked By Malvertising Attack

Visitors to the website of two US TV stations were unwittingly subjected to malvertising attacks that could have infected their PCs with dangerous malware and could affect other sites hosted with hosting provider GoDaddy.

Malwarebytes detected that two CBS-affiliated stations using GoDaddy website accounts were compromised in the attack, which was caused by the well-known Angler exploit kit.

And the security firm has now warned that many other GoDaddy users could also be at risk from having their accounts hijacked due to weak passwords.

Tuned in

The two affected stations were named by Malwarebytes as KMOV in St. Louis and WBTV in Charlotte, North Carolina. Both used Taggify and GoDaddy domains, which were hijacked to create various subdomains pointing to malicious servers which host malware.

These subdomains, which hosted the advertising content, were able to switch between a ‘clean’ version of the site and an infected version where users visiting the site were shown malicious ads.

A ‘rogue advertiser’ is suspected as being the culprit, Malwarebytes says, having subverted the Taggify self-serve ad platform to put unsuspecting viewers at risk.

The company has warned that under-strength passwords could pose a risk to many other users too.

“GoDaddy is one of the world’s largest registrars and, as such, it will experience many attacks against its platform across the globe”, Malwarebytes’ Jérôme Segura told TechWeekEurope.

“However, the weakness comes from website owners who have chosen poor passwords or have had their machines compromised.

“Trojans will harvest passwords stored in FTP clients or other software used to administer a site. Without the owner’s knowledge, attackers now possess the credentials to alter a site’s settings allowing them to make DNS changes, add subdomains, and so on.”

GoDaddy has been hit by major attacks before, most notably in 2012, when hackers affiliated to Anonymous took down the company’s entire operation, meaning millions of customers were left without access for several hours.

Malvertising has also become a growing threat in the online security space as hackers look for ever more ways to attack unsuspecting users, with previous Malwarebytes research finding that the UK is the world’s third-largest market for malvertising infections, behind only the US and Canada.

In March, major online publishers including the BBC, AOL and MSN were hit by an attack that installed potentially harmful adverts that could install ransomware or other malware on unsuspecting users’ devices if clicked on.

TechWeekEurope has contacted GoDaddy.

What do you know about Internet security? Find out with our quiz!

Mike Moore

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.

Recent Posts

Boeing Starliner Launches Successfully, On Route To International Space Station

Boeing's crewless space taxi, CST-100 Starliner, one step closer to NASA certification, as it enters…

2 days ago

Apple Accused By Union Of Staff Law Violations At NY Store

Staff at Apple's World Trade Centre store in New York are allegedly being questioned and…

2 days ago

Canada To Join Five Eyes 5G Ban On Huawei/ZTE

Making it official. Canada is to turn its unofficial ban on 5G kit from Huawei…

2 days ago

Twitter To Hide Tweets That Share False Information During A Crisis

Potentially risking Elon's wrath over free speech, Twitter says it will hide tweets spreading misinformation…

3 days ago

Boeing Starliner Test Flight Readied For Tonight

Third time the charm? Main rival to SpaceX's Dragon capsule, the embattled Boeing Starliner spacecraft,…

3 days ago

September 13 Slated For iPhone 14 Launch – Report

No surprise there. Apple is slated to launch the iPhone 14 on 13 September according…

3 days ago