Recently, several major online advertising networks were tricked into distributing advertising that was infected with malware. Google, AOL, Rubicon, and AppNexus were some of the advertising distributors that were affected, and this impacted elite online publishers such as BBC, Newsweek, The New York Times, and MSN, and many, many others that accepted advertising from these networks. Most online advertising companies check ad submissions for malware before publishing, but this ad was able to slip by undetected. Visitors to the affected websites, and many thousands of others, could have been infected with malware that was hosted in an ad.
As a casual web surfer, this can mean you got infected, and now you have a problem. If you own, operate, or manage a website, what this means is you are infecting your customers and visitors. Not a great way to build a good reputation and repeat business.
This is just one of the ways cyber-criminals distribute malware that infects computers in order to add the affected systems to a botnet, or to install crypto-ransomware, banking Trojans, and other malicious payloads. There are others.
- Malvertising – By placing an ad with embedded malware code on a website, attackers can push malware kits to the computers of people who visit these sites. If this advertising appears on your site, your visitors get a nasty case of malware.
- Website Hijacking – In this exploit, attackers log into a website with stolen administrative credentials and do some “web designing” of their own, adding malware downloads to the home page and other high-traffic pages. If this happens on your site, your brand and reputation are at risk.
- Website Cloning – In this case, attackers create clever look-alike pages and even entire websites, and direct traffic to the fake site through phishing email links, search redirection exploits, DNS poisoning, or cyber-squatting on a close misspelling of a popular domain name (e.g. paypalc.om instead of paypal.com). In most cases these cloned sites are set up on servers or websites that were hijacked. If this happens on your server, your server may be blacklisted, blocked, or marked as a “dangerous site.”
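One routine check a site owner can run against their own pages for the hijacking and malvertising cases above is to list every external script and iframe a page loads and flag any host that is neither your own site nor a partner you actually contracted. This is an added example, not code from the original post; the site host, the allowlist, and the sample HTML are constructed for illustration.

```python
"""Flag unexpected external <script>/<iframe> includes in a page's HTML."""
from html.parser import HTMLParser
from urllib.parse import urlparse


class IncludeCollector(HTMLParser):
    """Collect the src attribute of every script and iframe tag."""

    def __init__(self):
        super().__init__()
        self.includes = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe"):
            src = dict(attrs).get("src")
            if src:
                self.includes.append((tag, src))


def unexpected_includes(html, site_host, allowed_hosts):
    """Return (tag, src) pairs whose host is neither the site nor allowlisted.

    Relative paths (no host) are treated as served by the site itself;
    scheme-relative "//host/..." URLs are resolved to their host. Matching is
    exact per hostname (a constructed policy; extend it if you use subdomains).
    """
    parser = IncludeCollector()
    parser.feed(html)
    flagged = []
    for tag, src in parser.includes:
        host = urlparse(src).hostname or site_host
        if host != site_host and host not in allowed_hosts:
            flagged.append((tag, src))
    return flagged


# Constructed sample: one first-party script, one contracted ad network,
# and two includes that a hijacked page might have had injected.
SAMPLE_HTML = """<html><head>
<script src="/js/app.js"></script>
<script src="https://ads.adnetwork.example/serve.js"></script>
<script src="//cdn.notours.example/inject.js"></script>
</head><body>
<iframe src="https://cloned.notours.example/login"></iframe>
</body></html>"""

SITE_HOST = "www.mysite.example"             # hypothetical site
ALLOWED = {"ads.adnetwork.example"}          # hypothetical contracted partner

if __name__ == "__main__":
    for tag, src in unexpected_includes(SAMPLE_HTML, SITE_HOST, ALLOWED):
        print(f"unexpected {tag} include: {src}")
```

Run it against a saved copy of each high-traffic page on a schedule and compare the output to the previous run; a newly flagged host is worth investigating before visitors report a problem.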
For web surfers, keeping your anti-malware product up to date and using the most recent (and secure) version of your web browser (Internet Explorer, Edge, Chrome, Firefox, or Safari) is most of what you can do to protect yourself from these exploits. If you are online visiting websites and something unusual or unexpected happens, you might want to take your computer offline and run a scan with your security software tool. These exploits can be hard to defend against, so assuming that you were compromised and responding aggressively to combat the possible infection is your best bet.
If you are a site owner, you need to get the problem fixed as quickly as possible. We like WordFence Security for WordPress sites and Sucuri for WordPress and a variety of other CMS web publishing platforms. We discussed this issue at length previously. See the links below for specific help.
- Naked Security
- Have a WordPress Site? Better Secure It
- No Fooling – How to Secure WordPress
- WordPress Security Learning Center