Did you visit the Huffington Post in the past week? Be honest, no one will judge. If so, and you use an older browser, you could be a victim of a malvertising attack. The malware attack used the advertising platforms of popular sites such as HuffPo, men’s magazine FHM, LA Weekly and game site GameZone. That’s taking the shotgun approach to a new level.
The malware in question is ransomware dubbed Kovter. It locks you out of your computer and displays an ‘official-looking’ message demanding money via MoneyPak or a prepaid Mastercard. The malware determines your location and tailors the law enforcement message accordingly. For the United States, infected users will see it coming from the FBI. France? La Police nationale. UK and other countries have tailored messages.
There are two steps to fixing this. If you’re infected, download Malwarebytes on a different computer. A flash drive will work. Go back to your computer, and run it in safe mode. Open Malwarebytes and let it run. Once you’re clean, it’s time for step two.
Quit using outdated browsers. The most-used browser is IE8, which means just browsing an infected site was enough to get the malware. Update to IE11, or better yet, download Chrome.
Anatomy of a Malvertising Attack
Many are asking how this happened. In this case, it was easy to miss. Most highly-trafficked sites have a self-serve advertising platform. Deals are literally made in seconds and you can have your ad plastered all over a popular site.
Most ads are scanned, but in this case the ad’s source was redirected eight times before landing on a Polish website’s server. Advertising today is different from what it was just years ago.
Ads are no longer static images, and many can have their source code changed on the fly. This is a feature being exploited by groups seeking to phish information or obtain cash from unsuspecting users.
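For defenders, the long redirect chain described above is something proxy or ad-audit logs can surface. The following is an added example, not part of the original article: it rebuilds redirect chains from log records and flags chains that are unusually long or that loop. The records, host names and the MAX_HOPS threshold are constructed assumptions.

```python
from urllib.parse import urljoin, urlsplit

MAX_HOPS = 3  # assumed policy threshold, not a figure from the article

# Constructed proxy records: (requested URL, HTTP status, Location header or None).
HOPS = ["ads.publisher.example", "x1.adnet.example", "x2.adnet.example",
        "t3.tracker.example", "t4.tracker.example", "c5.cdn.example",
        "c6.cdn.example", "g7.gate.example", "final-host.example"]
SAMPLE_LOG = [(f"http://{a}/ad", 302, f"http://{b}/ad") for a, b in zip(HOPS, HOPS[1:])]
SAMPLE_LOG += [
    ("http://final-host.example/ad", 200, None),
    ("http://ads.publisher.example/banner", 302, "http://img.publisher.example/banner.png"),
    ("http://img.publisher.example/banner.png", 200, None),
    ("http://ads.publisher.example/promo", 302, "http://loop.example/a"),
    ("http://loop.example/a", 302, "http://loop.example/b"),
    ("http://loop.example/b", 302, "http://loop.example/a"),
]

def follow(start, redirects):
    """Follow Location headers from start; return (chain, looped)."""
    chain, seen = [start], {start}
    while chain[-1] in redirects:
        nxt = redirects[chain[-1]]
        if nxt in seen:          # redirect loop: stop instead of spinning forever
            return chain, True
        chain.append(nxt)
        seen.add(nxt)
    return chain, False

def audit(log, max_hops=MAX_HOPS):
    """Return one finding per redirect chain that loops or exceeds max_hops."""
    # Resolve relative Location headers against the requested URL.
    redirects = {url: urljoin(url, loc) for url, status, loc in log
                 if 300 <= status < 400 and loc}
    targets = set(redirects.values())
    findings = []
    for start in redirects:
        if start in targets:     # only walk from chain entry points
            continue
        chain, looped = follow(start, redirects)
        hops = len(chain) - 1
        if looped or hops > max_hops:
            hosts = {urlsplit(u).hostname for u in chain}
            findings.append({"start": start, "final": chain[-1], "hops": hops,
                             "hosts": len(hosts), "loop": looped})
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```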
The ads were taken down around January 5, two days after security firm Cyphort alerted the various sites to the situation. Those users with modern browsers should download Malwarebytes and let it run in the background today.
Yeah, you don’t want to admit it. You clicked on that damn list post on HuffPo. It’s ok, we’ve all done it. Just scan your computer. Those rocking IE8? I’m shaking my head in disbelief.