Visitors to pop culture website PerezHilton.com have been redirected to an Angler Exploit Kit variant as a result of a malvertising attack.
Researchers at Cyphort have discovered that the EK, dubbed som.barkisdesign.com, is automatically downloaded to website visitors’ computers without any interaction triggers. PerezHilton.com sees a half-million visitors per day, looking for celebrity gossip.
Angler is known to drop Bedep malware onto unsuspecting users’ machines, which will further download and infect the victim’s machine with the notorious CryptXXX ransomware.
The Exploit Kit is also the culprit behind similar recent attacks on CBS affiliates.
Malvertising continues to be one of the preferred vectors for attackers to compromise users’ machines with malware. Cypher Labs' crawler monitors top sites in the world 24×7 to find cases of malicious code served via drive-by exploits. Most of the sites we see serving exploits are not compromised themselves, but redirect to advertisers poisoned by malware. The technique has seen phenomenal growth since August of 2015.
“Malvertising is effective because users tend to trust mainstream, high-trafficked ‘clean’ websites. The attackers abuse this trust to infect them via third-party ad content—and in increasing numbers. In 2014, the number of unique domains was 910; in the last half of 2015 it had spiked to 1,654. Now, in 2016, that number is 2,102.
“As you can see malvertising growth continues, and is on pace for the largest year ever,” said Nick Bilogorskiy, director of security research at Cyphort Labs, in an analysis. “We discover new interesting malvertising cases on a daily basis. We have seen other popular websites in early May using the same som.barkisdesign.com redirector…[and] we predict that malvertising will continue to rise.”
Many end users have fought back by disabling all advertising to secure themselves. Nearly 200 million now use Adblock, according to Statista. In 2015, this form of ad blocking cost publishers nearly $22 billion dollars.
“Advertising networks should use continuous monitoring—automated systems for repeated checking for malware ads, need to scan early and scan often, picking up changes in the advertising chains, and leverage the latest threat intelligence to power these monitoring systems,” advised Bilogorskiy.
Photo © LeoWolfert