• Tag Archives AOL
  • Malicious Ads on Yahoo, AOL, Match.com, Trigger CryptoWall Infections


    Attackers have been leveraging the FlashPack Exploit Kit to peddle the CryptoWall 2.0 ransomware on unsuspecting visitors to sites such as Yahoo, The Atlantic and AOL. Researchers believe that for about a month the malvertising campaign hit up to 3 million visitors and netted the attackers $25,000 daily.

    According to experts at Proofpoint, a firm that primarily specializes in email security, the exploit kit targeted a vulnerability in Adobe Flash via users’ browsers to install the ransomware on users’ machines.

    Malvertising is an attack that happens when attackers embed malicious code – in this case code that led to the latest iteration of CryptoWall – into otherwise legitimate ads to spread malware via drive-by downloads. Users can often be infected without even clicking on anything.

    CryptoWall, which takes users’ files, encrypts them with rigid RSA-2048 encryption, then asks for a fee to decrypt them, made a killing earlier this summer. In August it was reported that the ransomware made more than $1.1 million for its creators in just six months.

    Similar to Critoni/Onion, a ransomware dug up in July, CryptoWall 2.0 downloads a TOR client on the victim’s machine, connects to a command and control server and demands users send Bitcoin – $500 worth – to decrypt their files. Since the campaign lasted about a month, from Sept. 18 to this past Saturday, researchers are estimating that 40 of the campaign’s Bitcoin addresses collected at least 65 BTC each, a number that roughly translates to $25,000 a day.


    Proofpoint claims that high ranking sites such as AOL, The Atlantic, Match.com and several Yahoo subdomains such as their Sports, Fantasy Sports and Finance sites, were spotted serving up the tainted ads. Other sites lesser known in the U.S. such as Australia’s Sydney Morning Herald, The Age, and the Brisbane Times, were reportedly also doling out the ads.

    While the campaign started a month ago the firm claims things didn’t start to ramp up until recently.

    “After crossing a threshold level, it became possible to associate the disparate instances with a single campaign impacting numerous, high-traffic sites,” Wayne Huang, the company’s VP of Engineering, said of the campaign.

    The firm claims it worked quickly to notify those involved in the campaign, including the ad providers, and as of this week, believes the situation has been nullified.

    Last month researchers with Barracuda Labs found a CryptoWall variant with certificate signed by Comodo being distributed through ads on a handful of different websites. None of those sites were nearly as trafficked as those spotted by this most recent campaign however. The Alexa rankings for Yahoo (4), AOL (37), Match (203), and The Atlantic (386) place them within the top 500 of the internet’s most popular sites, something that likely upped the campaign’s exposure level.

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida

  • AOL hit by massive data breach, Urges users to change their passwords

    Complete Computer Repair Latest Computer News Fort Lauderdale

    AOL hit by massive data breach

    The personal details of AOL’s millions of customers has been leaked in an attack on the company’s systems, resulting in thousands of accounts being hijacked to send spam.
    Internet pioneer AOL has warned of a major breach that has affected a significant number of users, leaking email and postal addresses, contact information and password details to attackers unknown.

    AOL launched in 1983 as the Control Video Corporation and produced a short-lived modem-based gaming download service for the Atari 2600 dubbed GameLine. The precursor to Valve’s Steam and similar digital distribution systems, GameLine was not a financial success; the company had better luck with the Link series of online portals for the Commodore 64, Apple II and Macintosh, and IBM compatibles. In 1989, America Online was born as a walled-garden internet service which included chat, email and several games – including the first-ever web-based interactive fiction series and the first automated play-by-email game.

    While internet-savvy consumers soon dropped AOL’s walled-garden system for more open services from generic internet service providers, the company still boasts a considerable client base. Despite an ongoing slide in customers, the company boasts a near three-million user count in the US alone – and it’s these customers who have been exposed in a serious security breach.

    ‘We have determined that there was unauthorised access to information regarding a significant number of user accounts,’ the company admitted late last night, following an investigation into spam messages sent from registered AOL accounts. ‘This information included AOL users’ email addresses, postal addresses, address book contact information, encrypted passwords and encrypted answers to security questions that we ask when a user resets his or her password, as well as certain employee information. We believe that spammers have used this contact information to send spoofed emails that appeared to come from roughly two per cent of our email accounts.’

    The company has not confirmed the nature of the ‘encryption’ used to store the passwords – which should, by industry best practice, be a salted one-way hash function, rather than reversible encryption – but does claim that it has ‘no indication’ that said encryption was broken; this despite the attackers gaining full access to the accounts from which spam is issuing, an indication that they have indeed been able to retrieve at least some passwords from the corpus.

    Users affected by the breach – and, at this point, it looks to cover anyone with an AOL email address, active or otherwise – is advised to reset their password and change their security questions; if the same password is used anywhere else, that should be changed too.

    Please visit ccrepairservices.com

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere