Millions At Risk After Top Publishers Hit By Malvertising Attack

A major malvertising attack has hit a number of the world’s top publishing sites, including such big names as the BBC, AOL and MSN.

The attack, revealed by security firm Malwarebytes, has installed potentially harmful adverts that could install ransomware or other malware on unsuspecting users’ devices if clicked on.

Websites including msn.com, nytimes.com, bbc.com, aol.com, nfl.com, and theweathernetwork.com have all been affected by the attack, meaning millions of web users could potentially be at risk.

At risk

Malwarebytes found that the attack built up slowly over time, initially utilising the RIG exploit kit to target smaller publishers.

However many of the most wide-reaching attacks are using the notorious Angler exploit kit, which targets vulnerabilities in Microsoft Silverlight and Adobe Flash to hijack adverts to download and install harmful software including ransomware when activated.

The company says it has notified the various ad networks affected, and will look to provide updates on its progress soon, particularly as fellow security firm Trend Micro detected the same attack earlier this week.

Trend Micro found that the exploit kit used has affected “tens of thousands of users”, who have had damaging Trojans installed on their PC using a variant of the Bedep backdoor.

“It’s important to note that while these popular sites are involved in the infection process they are, much like infected clients, victim of malvertising,” said Trustwave’s SpiderLabs Research. “The only ‘crime’ here is being popular and having high volumes of traffic going through their sites daily.”

Previous research from Malwarebytes found that the UK is the world’s third-largest market for malvertising infections, behind only the US and Canada.

Malvertising attacks have become increasingly popular in recent months, particularly when targeting dating websites, social networks and even adult websites.

What do you know about Internet security? Find out with our quiz!

Mike Moore

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.

Recent Posts

TikTok Asks For Emergency Pause On US Divestiture Law

TikTok, ByteDance ask court for emergency injunction to pause enforcement of divestiture law pending Supreme…

27 mins ago

OpenAI Seeks To Remove Commercial ‘AGI’ Constraint

ChatGPT developer OpenAI reportedly discussing removal of provision that blocks Microsoft from accessing super-intelligent AI

21 hours ago

EU Probes Nvidia AI Chip Business Practices

European Commission reportedly questions Nvidia competitors, customers over business practices in AI chip market over…

22 hours ago

Apple To Begin Using In-House 5G Modems Next Year

Apple reportedly planning to use first-generation in-house 5G modem in iPhone SE next year, hopes…

22 hours ago

EU Probes TikTok Influence On Romania Elections

European Commission queries TikTok for information on alleged Russian campaign to influence Romanian presidential election

23 hours ago

US Exempted China DRAM Makers From Controls ‘Under Pressure From Japan’

US exempted Chinese DRAM memory chip manufacturers from latest round of export controls under pressure…

23 hours ago