Nasty malware infections have been spread via the world’s largest dating website, which has been serving malicious web adverts to its visitors. Individuals trying to attract a new partner via Match.com’s UK site may have found that it is much easier to attract malware.
Malicious web adverts used for drive-by malware downloads
Users of the dating website were not required to download any malware manually. Their browsers were probed for security vulnerabilities that could be exploited without any user interaction required. Provided they were enticed to click on one of the malicious website adverts served via Match.com, they would be directed to a site that contained an exploit kit. That exploit kit would then download malicious software onto their devices, delivering a payload of ransomware without their knowledge. Files would subsequently be locked by CryptoWall ransomware until the victim paid a ransom.
Match.com is hugely popular and attracts over 5 million visitors every month in the UK alone. The potential for infection with malware was considerable, although it is not known how many individuals have been infected as a result of clicking on the malicious web adverts.
Malicious web adverts can be placed on popular sites for just a few cents
Malicious web adverts are displayed via ad networks that popular websites use as an additional revenue source. The ad network’s code is placed on a website, and the network’s adverts are then displayed there.
Participants in the ad programs are able to select the websites where they want their adverts displayed. The cost of displaying each advert is set by the popularity of the website. For just a few cents, reportedly only 36 cents, the criminals behind the malvertising campaign were able to target Match.com’s users. Malvertisers were keen to take advantage of the huge traffic that the site attracts.
Most websites serve adverts of some description. They are an essential revenue stream that site owners can ill afford to ignore. While ad networks do vet the companies that sign up, some rogue advertisers invariably get past the controls and manage to get their malicious web adverts displayed. Once discovered, the accounts are blocked by the ad networks, although not before the malicious website adverts have been displayed to millions of individuals.
Once Match.com discovered that its site was being used to display malicious website adverts, the company temporarily suspended all advertising until the problem was addressed in order to protect its site visitors. Unlike the Ashley Madison hack, no user data was exposed as a result of the security breach.
How to protect against malicious web adverts
Malvertising campaigns are increasingly common, but attacks can be easily prevented. Drive-by downloads are possible, but only if users are directed to a website hosting an exploit kit and have a browser that can be exploited.
Protecting against malicious web adverts requires all browsers and browser plugins to be kept up to date. As soon as a new version of a browser or plugin is available for download, it must be installed.
When zero-day vulnerabilities are discovered, security professionals get to work developing patches to plug the security holes. There is a lag, however, and during that time users will be at risk.
For the individual, the risk may be relatively low, but for an employer with tens or hundreds of end users, that risk will be considerable. One of the best methods to ensure corporate networks and devices are protected is to employ a web filtering solution such as WebTitan.
WebTitan can be configured to block third-party adverts from being displayed on websites. If adverts are not displayed, they cannot be clicked, and end users’ devices and corporate networks will be protected from drive-by malware downloads.