Celebrity gossip blogging website PerezHilton.com was recently hit by two malvertising attacks in the span of less than a week.
Nick Bilogorskiy, senior director of threat intelligence at Cyphort, explains in a blog post that Cyphort Labs picked up on the first infection back on Saturday, April 30th:
“Cyphort crawler found that popular US website PerezHilton.com was redirecting users to an Angler Exploit Kit. According to SimilarWeb, PerezHilton.com has half a million visitors every day!”
Who was the rogue advertiser in this campaign, you might ask? It was “som.barkisdesign.com,” the same redirector behind another recent malvertising campaign that sent those who visited two CBS-affiliated television stations to landing pages for the Angler exploit kit.
In the first PerezHilton.com malvertising campaign, the redirector loaded up a malicious iframe that redirected users to Angler, which then pushed Bedep malware and CryptXXX ransomware onto a victim’s machine.
Then on May 6, just six days later, Cyphort Labs picked up on a second malvertising campaign.
This attack leveraged a different exploit kit, a different redirector from AOL (adtechus.com), and a page hosted on the Amazon CloudFront CDN to deliver the malware to users.
Given the prevalence of malvertising, it is no wonder users are increasingly resorting to adblockers to protect themselves and their machines against harmful software. As revealed by Bilogorskiy:
“Malvertising continues to be one of the preferred vectors for attackers to compromise users’ machines with malware. Many users fought back by disabling all advertising to secure themselves. Nearly 200 million now use Adblock, according to Statista. In 2015, this form of ad blocking cost publishers nearly $22 billion dollars.”
At the very least, ordinary users should make a special point of implementing all software and security updates as soon as they become available. Doing so will not stop a malvertising campaign from redirecting them to a malicious website, but it could prevent an exploit kit like Angler from taking advantage of unpatched software vulnerabilities on their computers.
Users should also consider installing an anti-virus solution and an adblocking browser extension on their machines.
In the meantime, Bilogorskiy recommends that advertising networks continuously monitor for suspicious changes and malicious ads to help curb the spread of malvertising attacks.