Recently, several major online advertising networks were tricked into distributing advertising that was infected with malware. Google, AOL, Rubicon, and AppNexus were some of the advertising distributors that were affected, and this impacted elite online publishers such as BBC, Newsweek, The New York Times, and MSN, and many others that accepted advertising from these networks. Most online advertising companies check ad submissions for malware before publishing, but this ad was able to slip by undetected. Visitors to the affected websites, and many thousands of others, could have been infected with malware that was hosted in an ad.
As a casual web surfer, this can mean you got infected, and now you have a problem. If you own, operate, or manage a website, what this means is you are infecting your customers and visitors. Not a great way to build a good reputation and repeat business.
This is but one of the ways cyber-criminals distribute malware that infects computers in order to add the affected systems to a botnet or install crypto-ransomware, banking Trojans, and other exploits. There are others.
- Malvertising – By placing an ad with embedded malware code on a website, attackers can download malware kits to computers that visit these sites. If this advertising appears on your site, your visitors get a nasty case of malware.
- Website Hijacking – In this exploit, attackers log into a website with stolen administrative credentials, and do some “web designing” of their own, adding malware downloads to the home page and other high traffic pages. If this happens on your site, your brand and reputation are at risk.
- Website Cloning – In this case, attackers create clever look-alike pages and even entire websites, and direct traffic to the fake site through phishing email links, search redirection exploits, DNS poisoning, or cyber-squatting on a close misspelling of a popular domain name (e.g. paypalc.om instead of paypal.com). In most cases these cloned sites are set up on servers or websites that were hijacked. If this happens on your server, your server may be blacklisted, blocked, or marked as a “dangerous site.”
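An added example (not from the original post) of how a site owner or mail filter could catch the close-misspelling trick described in the cloning item above: it scores hostnames by edit distance, counting a swap of two adjacent characters as one edit, so paypalc.om lands one edit away from paypal.com. The PROTECTED list, the max_edits threshold of 2, and the sample hostnames are assumptions chosen for illustration.

```python
# Constructed example: flag hostnames within a couple of edits of a domain you protect.
PROTECTED = ["paypal.com"]  # assumption: the domains you want to watch over


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute,
    and swap of two adjacent characters each cost 1."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent swap
    return d[rows - 1][cols - 1]


def normalize(host: str) -> str:
    """Lower-case, drop a trailing dot and a leading 'www.'."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def lookalike_of(host: str, protected=PROTECTED, max_edits: int = 2):
    """Return (protected_domain, distance) if host is a near miss, else None."""
    h = normalize(host)
    best = None
    for p in protected:
        if h == p or h.endswith("." + p):
            return None  # the real domain or one of its subdomains
        dist = osa_distance(h, p)
        if dist <= max_edits and (best is None or dist < best[1]):
            best = (p, dist)
    return best


if __name__ == "__main__":
    for sample in ["paypalc.om", "www.paypal.com", "paypa1.com", "example.org"]:
        print(sample, "->", lookalike_of(sample))
```

A check like this fits wherever hostnames pass by in bulk, such as link targets in inbound mail or referrers in web server logs; short domains need a lower threshold to avoid false matches.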
For web surfers, keeping your anti-malware product up to date, and using the most recent (and secure) versions of your web browser (Internet Explorer, Edge, Chrome, Firefox, or Safari) is most of what you can do to protect yourself from these exploits. If you are online visiting websites, and something unusual or unexpected happens, you might want to take your computer offline and run a scan with your security software tool. These exploits can be hard to defend against, so assuming that you were taken and responding aggressively to combat the possible infection is your best bet.
If you are a site owner, you need to get the problem fixed as quickly as possible. We like WordFence Security for WordPress sites and Sucuri for WordPress and a variety of other CMS web publishing platforms. We discussed this issue at length previously. See the links below for specific help.
- Naked Security
- Have a WordPress Site? Better Secure It
- No Fooling – How to Secure WordPress
- WordPress Security Learning Center
About the Author: I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com