{"id":882,"date":"2014-10-25T22:45:02","date_gmt":"2014-10-26T02:45:02","guid":{"rendered":"http:\/\/www.ccrepairservices.com\/blog\/?p=882"},"modified":"2014-10-25T22:49:26","modified_gmt":"2014-10-26T02:49:26","slug":"malicious-ads-on-yahoo-aol-trigger-cryptowall-infections-threatpost-the-first-stop-for-security-news","status":"publish","type":"post","link":"https:\/\/www.ccrepairservices.com\/blog\/computer-news\/malicious-ads-on-yahoo-aol-trigger-cryptowall-infections-threatpost-the-first-stop-for-security-news\/","title":{"rendered":"Malicious Ads on Yahoo, AOL, Match.com, Trigger CryptoWall Infections"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"attachment-single-featured wp-post-image aligncenter\" src=\"https:\/\/trtpost.wpengine.netdna-cdn.com\/files\/2014\/10\/cryptowall-680x400.jpg\" alt=\"cryptowall\" width=\"680\" height=\"400\" \/><\/p>\n<p>Attackers have been leveraging the FlashPack Exploit Kit to peddle the CryptoWall 2.0 ransomware on unsuspecting visitors to sites such as Yahoo, The Atlantic and AOL. Researchers believe that for about a month the malvertising campaign hit up to 3 million visitors and netted the attackers $25,000 daily.<\/p>\n<p>According to experts at Proofpoint, a firm that primarily specializes in email security, the exploit kit targeted a vulnerability in Adobe Flash via users\u2019 browsers to install the ransomware on users\u2019 machines.<\/p>\n<p>Malvertising is an attack that happens when attackers embed malicious code \u2013 in this case code that led to the latest iteration of CryptoWall \u2013 into otherwise legitimate ads to spread malware\u00a0via drive-by downloads. Users can\u00a0often be infected without even clicking on anything.<\/p>\n<p>CryptoWall, which takes users\u2019 files, encrypts them with rigid RSA-2048 encryption, then asks for a fee to decrypt them, made a killing earlier this summer. 
<strong>In August it was reported<\/strong> that the ransomware made more than $1.1 million for its creators in just six months.<\/p>\n<p>Similar to Critoni\/Onion, a ransomware dug up in July, CryptoWall 2.0 downloads a TOR client on the victim\u2019s machine, connects to a command and control server and demands users send Bitcoin \u2013 $500 worth \u2013 to decrypt their files. Since the campaign lasted about a month, from Sept. 18 to this past Saturday, researchers are estimating that 40 of the campaign\u2019s Bitcoin addresses collected at least 65 BTC each, a number that roughly translates to $25,000 a day.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-108992\" src=\"https:\/\/trtpost.wpengine.netdna-cdn.com\/files\/2014\/10\/cryptowall1.png\" alt=\"cryptowall1\" width=\"888\" height=\"1210\" \/><\/p>\n<p>Proofpoint claims that high-ranking sites such as AOL, The Atlantic, Match.com and several Yahoo subdomains, such as their Sports, Fantasy Sports and Finance sites, were spotted serving up the tainted ads. Other sites lesser known in the U.S., such as Australia\u2019s Sydney Morning Herald, The Age, and the Brisbane Times, were reportedly also doling out the ads.<\/p>\n<p>While the campaign started a month ago, the firm claims things didn\u2019t start to ramp up until recently.<\/p>\n<blockquote><p>\u201cAfter crossing a threshold level, it became possible to associate the disparate instances with a single campaign impacting numerous, high-traffic sites,\u201d Wayne Huang, the company\u2019s VP of Engineering, said of the campaign.<\/p><\/blockquote>\n<p>The firm claims it worked quickly to notify those involved in the campaign, including the ad providers, and as of this week, believes the situation has been nullified.<\/p>\n<p><strong>Last month<\/strong> researchers with Barracuda Labs found a CryptoWall variant with a certificate signed by Comodo being distributed through ads on a handful of different websites. 
None of those sites were nearly as trafficked as those spotted by this most recent campaign however. The Alexa rankings for Yahoo (4), AOL (37), Match (203), and The Atlantic (386) place them within the top 500 of the internet\u2019s most popular sites, something that likely upped the campaign\u2019s exposure level.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Attackers have been leveraging the FlashPack Exploit Kit to peddle the CryptoWall 2.0 ransomware on unsuspecting visitors to sites such as Yahoo, The Atlantic and AOL. Researchers believe that for about a month the malvertising campaign hit up to 3 million visitors and netted the attackers $25,000 daily. According to experts at Proofpoint, a firm that primarily specializes in email security, the exploit kit targeted a vulnerability in Adobe Flash via users\u2019 browsers to install the ransomware on users\u2019 machines. Malvertising is an attack that happens when attackers embed malicious code \u2013 in this case code that led to the latest iteration of CryptoWall \u2013 into otherwise legitimate ads to spread malware\u00a0via drive-by downloads. Users can\u00a0often be infected without even clicking on anything. CryptoWall, which takes users\u2019 files, encrypts them with rigid RSA-2048 encryption, then asks for a fee to decrypt them, made a killing earlier this summer. 
In August it was reported that the ransomware made more than $1.1 million for its creators in just six months. Similar to Critoni\/Onion, a ransomware dug up in July, CryptoWall 2.0 downloads a TOR client on the victim\u2019s machine, connects to a command and control server and demands users send Bitcoin \u2013 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[677,1250,103,19,120,833,1245,1247,1246,32,156,1243,1248,1251,453,10,362,451,113,1008,152,1244,7,22,148,1242,1249],"class_list":["post-882","post","type-post","status-publish","format-standard","hentry","category-computer-news","tag-aol","tag-aol-malware","tag-computer-news-2","tag-computer-repair","tag-computer-virus","tag-cryptowall","tag-cryptowall-aol","tag-cryptowall-match-com","tag-cryptowall-yahoo","tag-fort-lauderdale","tag-malware","tag-match-com","tag-match-com-virus","tag-match-dom-security","tag-new-malware","tag-new-virus","tag-online","tag-online-news","tag-security","tag-security-news","tag-spyware","tag-the-atlantic","tag-virus","tag-virus-removal","tag-viruses","tag-yahoo","tag-yahoo-malware"],"_links":{"self":[{"href":"https:\/\/www.ccrepairservices.com\/blog\/wp-json\/wp\/v2\/posts\/882","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ccrepairservices.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ccrepairservices.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ccrepairservices.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ccrepairservices.com\/blog\/wp-json\/wp\/v2\/comments?post=882"}],"version-history":[{"count":4,"href":"https:\/\/www.ccrepairservices.com\/blog\/wp-json\/wp\/v2\/posts\/882\/revisions"}],"predecessor-version":[{"id":886,"href":"https:\/\/www.ccrepairservices.com\/blog\/wp-json\/w
p\/v2\/posts\/882\/revisions\/886"}],"wp:attachment":[{"href":"https:\/\/www.ccrepairservices.com\/blog\/wp-json\/wp\/v2\/media?parent=882"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ccrepairservices.com\/blog\/wp-json\/wp\/v2\/categories?post=882"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ccrepairservices.com\/blog\/wp-json\/wp\/v2\/tags?post=882"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}