Top websites deliver CryptoWall ransomware via malvertising

CryptoWall ransomware with a valid digital signature is being delivered as part of a widespread malvertising campaign, according to Barracuda Labs.

Drive-by downloads were detected as coming from hindustantimes[.]com, bollywoodhungama[.]com, one[.]co[.]il, codingforums[.]com, and mawdoo[.]com, according to a Sunday post, which explains that the ransomware in each instance was delivered via the Zedo ad network.

A specific subchain “is common to every site's sequence of events,” and in that subchain, “ss1[.]zedo[.]com served obfuscated JavaScript that began a series of redirects to malicious content,” according to the post. “The last site, xenon[.]asapparts[.]com, redirected to one of several different exploit kit-backed sites.”

The initial VirusTotal results showed zero detections; however, the program has since been deemed malicious by additional tools, the post indicates.
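
The subchain quoted above can be hunted for in web proxy logs. The following Python is an added example, not code from Barracuda Labs or the post: only the two hostnames come from the article, while the three-field log format, the client addresses, the timestamps and the 60-second window are constructed assumptions.

```python
from datetime import datetime, timedelta

# The two hosts of the common subchain, defanged as they appear in the article.
CHAIN = ["ss1[.]zedo[.]com", "xenon[.]asapparts[.]com"]

# Constructed sample log (assumed format: ISO timestamp, client IP, requested host).
SAMPLE_LOG = """\
2020-01-01T10:00:01 10.0.0.5 www.example.org
2020-01-01T10:00:02 10.0.0.5 ss1.zedo.com
2020-01-01T10:00:04 10.0.0.5 xenon.asapparts.com
2020-01-01T10:00:03 10.0.0.7 ss1.zedo.com
2020-01-01T10:05:00 10.0.0.7 www.example.org
2020-01-01T09:00:00 10.0.0.9 xenon.asapparts.com
2020-01-01T11:30:00 10.0.0.9 ss1.zedo.com
"""

def refang(host):
    """Turn a defanged indicator such as a[.]b[.]com back into a.b.com."""
    return host.replace("[.]", ".").lower()

def find_chain_hits(log_text, chain=CHAIN, window=timedelta(seconds=60)):
    """Return clients that requested every chain host, in order, within window.

    Other hosts may appear between the hops, since the article describes a
    series of redirects. A request to the ad host alone is not a hit.
    """
    wanted = [refang(h) for h in chain]
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue                      # skip malformed lines
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        events.append((ts, parts[1], parts[2].lower().rstrip(".")))
    events.sort()                         # proxy logs are not always in order
    state, hits = {}, set()               # client -> (next hop index, chain start)
    for ts, client, host in events:
        idx, start = state.get(client, (0, None))
        if idx and ts - start > window:
            idx, start = 0, None          # chain went stale, start over
        if host == wanted[0]:
            idx, start = 1, ts            # first hop seen (or seen again)
        elif idx and host == wanted[idx]:
            idx += 1
        if idx == len(wanted):
            hits.add(client)
            idx, start = 0, None
        state[client] = (idx, start)
    return sorted(hits)
```

On the constructed sample, only the client that reached both hosts in order and inside the window is reported; the client that only loaded an ad from the first host, and the one that visited the hosts in reverse order hours apart, are not.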