Celebrity gossip blogging website PerezHilton.com was recently hit by two malvertising attacks in the span of less than a week.
Nick Bilogorskiy, senior director of threat intelligence at Cyphort, explains in a blog post that Cyphort Labs picked up on the first infection back on Saturday, April 30th:
“Cyphort crawler found that popular US website PerezHilton.com was redirecting users to an Angler Exploit Kit. According to SimilarWeb, PerezHilton.com has half a million visitors every day!”
Who was the rogue advertiser in this campaign, you might ask? It was “som.barkisdesign.com,” the same redirector behind another recent malvertising campaign that sent those who visited two CBS-affiliated television stations to landing pages for the Angler exploit kit.
In the first PerezHilton.com malvertising campaign, the redirector loaded up a malicious iframe that redirected users to Angler, which then pushed Bedep malware and CryptXXX ransomware onto a victim’s machine.
Then on May 6, just six days later, Cyphort Labs picked up on a second malvertising campaign.
This attack leveraged a different exploit kit, a different redirector from AOL (adtechus.com), and a page hosted by Amazon Cloudfront CDN to deliver the malware to users.
Given the prevalence of malvertising, it is no wonder users are increasingly resorting to adblockers to protect themselves and their machines against harmful software. As revealed by Bilogorskiy:
“Malvertising continues to be one of the preferred vectors for attackers to compromise users’ machines with malware. Many users fought back by disabling all advertising to secure themselves. Nearly 200 million now use Adblock, according to Statista. In 2015, this form of ad blocking cost publishers nearly $22 billion dollars.”
At the very least, ordinary users should make a special point of implementing all software and security updates as soon as they become available. Doing so will not stop a malvertising campaign from redirecting them to a malicious website, but it could prevent an exploit kit like Angler from taking advantage of open software vulnerabilities on their computers.
Users should also consider installing an anti-virus solution and an adblocking browser extension on their machines.
In the meantime, Bilogorskiy recommends that advertising networks should continuously monitor for suspicious changes and malicious ads to help curb the spread of malvertising attacks.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.
One comment on “Perez Hilton website visitors hit by two malvertising attacks in same week”
I would love to know how the ad industry comes up with these loss figures. People using adblocker are the least likely to click on ads in the first place, let alone buy anything using that avenue. When I do buy online, I go directly to the site.
When enough people use blockers, then maybe, finally, the ad industry and website designers will fix their glaring problems. I don't have a complete aversion to ads, but the obnoxious SDKs that present them in an insecure way. Websites need to take responsibility for how, and what they display on their pages. Multitudes of discussions have taken place, but no one seems to be listening to the consumer. Until then, I hope more people start using blockers.