Although initially it was thought likely that the attacks had entered the universities’ servers via poisoned emails (it’s very normal to see ransomware being spread via malicious email attachments), it transpires that the actual vector for infection was malvertising instead.
More details can be found in this technical article by researchers at Proofpoint, who believe that an AdGholas drive-by malvertising campaign helped infect the universities with the Mole ransomware, taking advantage of an exploit kit.
Malvertising – or malicious advertising – sees poisoned adverts placed on legitimate websites. You surf to the website on a vulnerable computer, and you could have your computer infected just by browsing the page containing the ad. It’s important to realise that you don’t need to click on a malicious ad to be infected by it.
Many sites, including some very famous ones, have suffered from malvertising being used to spread attacks to their visitors in the past – and it seems that advertising networks continue to struggle to keep poisoned ads out of their stream.
My answer to this? Well, obviously you should keep your computers up-to-date with security patches and the latest anti-virus software, but you should also strongly consider running an ad blocker.
An ad blocker will prevent ads from appearing in your browser. It means that your browsing will not only be faster and more private (unscrupulous advertisers are known to track your movements online), but also safer.
Of course, running an ad blocker doesn’t help those sites which are trying to earn a buck through the ads that they plaster over their sites. If you want to support the sites you love, investigate whether you can help them in other ways – such as paying a subscription which offers no ads, or encouraging companies to sponsor the site.
Until advertising networks manage to clean up their act, and stop distributing ads that put our privacy and security at risk, I can’t advocate anyone going on the internet without an ad blocker.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.