Malvertising campaign seen on the Mail Online
The Daily Mail's website - which receives 156 million monthly visits and is the most read English language newspaper in the world - has been the target of a recent cyber-attack, according to cyber-security company Malwarebytes.
The attack was performed using the infamous Angler Exploit Kit (AEK) which redirected visitors that clicked on a rogue link to enable the attackers to install malware.
The AEK first appeared in late 2013, and has been wreaking havoc on unaware users since then. The AEK searches for vulnerabilities in Java and Flash, which online advertising regularly runs, and then uses those vulnerabilities to infect the unlucky user's computer. The process can be invisible, leaving the user unaware of the breach. From there, the kit often distributes Adware and Ransomware. Those using the exploit kit have been remarkably resistant to measures to slow them down.
According to Malwarebytes, the malvertising on the MailOnline linked back to a fake ad server which leverages Azure's SSL cloud platform to redirect users to URLs which would activate the AEK and infect the vulnerable computers with Cryptowall Ransomware. The ransomware would encrypt their files beyond the reach of the user and demand payment for their decryption.
Once Malwarebytes contacted the Mail, the publisher promptly took the malvertising down.
Malwarebytes had been on the case for a while, following this particular malvertising campaign, and has spotted similar attacks on other wildly popular websites like Weather.com, Yahoo, eBay and the American political news aggregator, the Drudge Report.
Malvertising campaigns are increasingly taking aim at high-profile sites. The Mail Online, with its wide attack surface, is clearly one that malvertisers might want to target.
The MailOnline did not respond to SC requests for comment at the time of publication.