KnowBe4 Warns of Massive Web Ad Poisoning of News and Weather Sites


Malvertising is alive and well, spreading CryptoWall ransomware through poisoned ads.

Poisoned ads use Angler Exploit to drop ransomware


KnowBe4 issued a statement over the weekend warning IT managers of a new blast of ransomware infections caused by malvertising that misuses the publishing network Adspirit.de. This network is used by companies such as Drudgereport.com, Weather.com and wunderground.com, and the campaign has apparently spread to eBay and AOL.com, sites visited by millions of users, according to security researchers at Malwarebytes and as reported by Ars Technica and SC Magazine.

According to KnowBe4 CEO Stu Sjouwerman, “The same cybercrime lowlifes that infected the Yahoo website a few weeks ago have struck again, and were serving poisoned web ads which either dropped CryptoWall ransomware or infected the PC with adware.”

Most employees who browse the web during the day or over lunch do not understand the mechanics of modern ad networks. Once an ad network is subverted, hundreds of millions of poisoned ads are displayed in real time. Many of these ads initiate a drive-by attack without the user having to do anything. The attack performs a few redirects, then kicks in an exploit kit focused on the U.S. and Canada, which checks for vulnerabilities (usually in Flash) and infects the workstation literally in seconds.

According to Sjouwerman, this is a hard one to defend against, because it can be hidden behind an SSL connection to Microsoft's Azure Cloud, making it difficult to detect. Cybercriminals attempt to fool the ad network into thinking they are a legit advertiser, but the ads that are displayed on major websites are poisoned. Simply browsing to a page with a poisoned ad on it is enough to run the risk that the PC will be encrypted with ransomware, which costs an average of $500 to get files back.

Sjouwerman encourages IT managers to warn their staff and help them understand how such ad poisoning works so users are protected in any type of environment. Sjouwerman further advises, “First, disable Adobe Flash on your computer - or at least set the Adobe Flash plug-in to ‘click-to-play’ mode - which blocks the automatic infections. Second, keep up-to-date with all the security patches and install them as soon as they come out. Third, download and install Ad Blocker plug-ins for your browser; these prevent the ads from being displayed in your browser to start with. These ad blockers are getting very popular; hundreds of millions of people use them.

“In an organization’s network, you could: 1) Get rid of Flash altogether, or 2) Deploy ad blockers using group policy. There are free solutions such as Adblock Plus in Chrome which work well and can help protect a network.”

For more information visit: http://www.knowbe4.com

About Stu Sjouwerman and KnowBe4
Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, LLC, which hosts the world’s most popular integrated Security Awareness Training and Simulated Phishing platform. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help organizations manage the problem of cybercrime social engineering tactics through new school security awareness training. KnowBe4 services 1500 organizations in a variety of industries, including highly-regulated fields such as healthcare, finance, energy, government and insurance, and is experiencing explosive yearly growth of 300%. Sjouwerman is the author of four books, with his latest being “Cyberheist: The Biggest Financial Threat Facing American Businesses.”

About Kevin Mitnick
Kevin Mitnick, ‘the World’s Most Famous Hacker’, is an internationally recognized computer security expert with extensive experience in exposing the vulnerabilities of complex operating systems and telecom devices. He gained notoriety as a highly skilled hacker who penetrated some of the most resilient computer systems ever developed. Today, Mitnick is renowned as an information security consultant and keynote speaker and has authored four books, including The New York Times best seller Ghost in the Wires. His latest endeavor is a collaboration with KnowBe4, LLC as its Chief Hacking Officer.

Contact Author

Kathy Wattman
KnowBe4, LLC
+1 (727) 474-9950