STE WILLIAMS

Celebrity trash mag hit in malware delivery shocker!

Celeb goss and dross site TMZ has been serving the world’s worst exploit kit to its 30 million monthly visitors after malvertising scum compromised its advertising chain.

Readers of the site can be automatically redirected to malicious pages that serve the brutal Angler exploit kit, which loads malware capable of all manner of data theft and ransomware, including the horrid Cryptowall.

The attacks are the latest in a campaign that has targeted major web sites including Rotten Tomatoes, Makeuseof, and the Jerusalem Post.

Malwarebytes researcher Jerome Segura says the attackers gained access through ad platforms ContextWeb and Smartyads, using CloudFlare to hide infrastructure.

“The malicious ad only cost $0.19 for one thousand user impressions, highlighting how cheap and effective malvertising can be,” Segura says.

“While we did not collect the payload in this case, it is quite likely to be one of the many different strains of ransomware.”

Segura says CloudFlare is investigating the use of its network by malvertisers but says the ad networks have kept mum.

The attackers use fake identities to fool the ad networks and benign-looking sites to cloak the attacks and backend infrastructure.

Boring ads are shown to ad-men conducting checks on those seemingly benign redirection sites. Only readers of compromised sites like TMZ or Rotten Tomatoes bear the referrer ticket that will trigger the attack.
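
The flip side of that referrer trick is that anyone vetting an ad can repeat the check with the publisher's Referer and compare the result to what a referrer-less reviewer sees. The sketch below is an added example, not code from Malwarebytes or the article; the `fetch` callable (URL and Referer in, status, Location header and body out), the stub that stands in for the network and every `.example` hostname are assumptions constructed for illustration.

```python
import hashlib
from urllib.parse import urlparse

def fingerprint(response, use_body=True):
    """Reduce (status, location, body) to a comparable tuple."""
    status, location, body = response
    redirect_host = urlparse(location).hostname if location else None
    digest = hashlib.sha256(body).hexdigest() if use_body else None
    return (status, redirect_host, digest)

def referrer_cloaking_check(fetch, ad_url, publisher_referrers, repeats=3):
    """Return {referrer: fingerprint} for referrers served something the
    referrer-less reviewer never saw."""
    # Reviewer's view: no Referer. Repeat it to learn whether the body is
    # stable; rotating creatives change the body with no cloaking involved.
    base = [fetch(ad_url, None) for _ in range(repeats)]
    use_body = len({fingerprint(r) for r in base}) == 1
    baseline = {fingerprint(r, use_body) for r in base}
    divergent = {}
    for ref in publisher_referrers:
        seen = fingerprint(fetch(ad_url, ref), use_body)
        if seen not in baseline:
            divergent[ref] = seen
    return divergent

def constructed_fetch(url, referer):
    """Constructed stand-in for the network (assumption, runs offline):
    redirects only when the Referer host is the publisher's."""
    host = urlparse(referer).hostname if referer else None
    if host == "publisher.example":
        return (302, "https://landing.example/x", b"")
    return (200, None, b"<html>ordinary banner</html>")

if __name__ == "__main__":
    hits = referrer_cloaking_check(
        constructed_fetch,
        "https://ads.example/slot",
        ["https://publisher.example/article", "https://other.example/"],
    )
    for ref, (status, host, _) in hits.items():
        print(f"{ref}: status {status}, redirect host {host}")
```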

The campaign has compromised some of the world’s most popular sites. The top 10 most visited of those compromised sites all attract between 4.4 million and 39.1 million visitors a month, making it one of the more effective malvertising operations of late. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2016/02/08/angler_vxers_pwn_tmz/
