Frequent visitors of websites belonging to some of the world's largest publishing properties such as the BBC, New York Times, and MSN should be wary of an attack on those sites that could put them at risk from ransomware.
It happened over the weekend apparently. Dark forces from the web ran what is known as a "malvertising" campaign, through which they were able to upload harmful ads that spread to websites belonging to reputable publishers.
According to one expert, last weekend's malicious campaign was the largest they'd ever seen in the past two years. By no means, however, were publishers like Newsweek or the New York Times at fault. The hackers were able to use methods beyond the publisher's control to get bad ads up on the websites.
The hackers used a tool called the Angler Exploit Kit which ran on servers around the world. The kit works by attempting to find software loopholes on a computer. When it finds a vulnerability, the Angler Exploit Kit then delivers its payload of malware. In this recent case, it delivered both malware and file-encrypting ransomware.
Even worse, security experts report that the Angler Exploit Kit has been updated to find and exploit further vulnerabilities. Whoever created the kit certainly wants to keep ahead of its competitors — those competitors being other hackers and security firms such as TrendMicro and Malwarebytes.
"Based on my analysis, once a user visits a page that loads the malicious ad, the said ad automatically redirects to two malvertising servers, the second of which delivers the Angler Exploit kit," writes Joseph Chen, fraud researcher at TrendMicro in a blog post.
"These are the top ad networks in the world," says Malwarebytes senior security researcher Jerome Segura, who went public about the situation after contacting major advertising networks such as Google's DoubleClick, Rubicon and AOL.
"For some reason, they were all affected. It was shocking to be honest."
It turns out that one of the best times to release a malicious campaign that has a better chance of spreading around the world is during the weekend. It's during the weekend that most companies are caught off guard simply because they aren't working.
Segura points out that he had to follow up with the advertising companies on Monday and others much later after initially trying to get in touch with them on Sunday.
Despite the public awareness surrounding the exploit, not all offending ads carrying the malicious software have been removed. Some websites like that of the BCC were still displaying the bad ads as of early Monday this week.