Millions At Risk After Top Publishers Hit By Malvertising Attack

A major malvertising attack has hit a number of the world’s top publishing sites, including such big names as the BBC, AOL and MSN.

The attack, revealed by security firm Malwarebytes, has installed potentially harmful adverts that could install ransomware or other malware on unsuspecting users’ devices if clicked on.

Websites including msn.com, nytimes.com, bbc.com, aol.com, nfl.com, and theweathernetwork.com have all been affected by the attack, meaning millions of web users could potentially be at risk.

At risk

Malwarebytes found that the attack built up slowly over time, initially utilising the RIG exploit kit to target smaller publishers.

However many of the most wide-reaching attacks are using the notorious Angler exploit kit, which targets vulnerabilities in Microsoft Silverlight and Adobe Flash to hijack adverts to download and install harmful software including ransomware when activated.

The company says it has notified the various ad networks affected, and will look to provide updates on its progress soon, particularly as fellow security firm Trend Micro detected the same attack earlier this week.

Trend Micro found that the exploit kit used has affected “tens of thousands of users”, who have had damaging Trojans installed on their PC using a variant of the Bedep backdoor.

“It’s important to note that while these popular sites are involved in the infection process they are, much like infected clients, victim of malvertising,” said Trustwave’s SpiderLabs Research. “The only ‘crime’ here is being popular and having high volumes of traffic going through their sites daily.”

Previous research from Malwarebytes found that the UK is the world’s third-largest market for malvertising infections, behind only the US and Canada.

Malvertising attacks have become increasingly popular in recent months, particularly when targeting dating websites, social networks and even adult websites.

What do you know about Internet security? Find out with our quiz!