A malvertising attack aimed at AOL.com in the beginning of March 2016 used corrupted advertisements to infect site visitors’ computers.
Other websites including The New York Times, BBC, and Answers.com were also targets of this attack. Though the AOL website has been able to identify and purge the damaging advertisements, any users who visited the site in the last few weeks may now be infected.
AOL’s Malvertising History
This is not the first time that AOL has been the target of malvertising. Early 2015 saw the AOL advertising network as the victim of the Sweet Orange Exploit Kit, a hackers’ tool that spread malware to any vulnerable users who loaded the damaging ads. The malware used in that hack was called Kovter and demanded a ransom of $300 to $500 before allowing users to use their computer or access their data.
AOL was not alone in this 2015 attack. The Huffington Post was also attacked, alongside many smaller websites. To AOL’s credit, they were able to block the exploit immediately after its discovery. AOL remained malvertising-free for over a year following the discovery of this attack.
The March 2016 Malvertising Attack
AOL’s secure streak came to an end earlier this week when the Angler Exploit Kit used innovations in malware to deliver another round of malvertising on the site. This attack functioned in nearly identical fashion to the previous round of malware. Users visiting AOL’s website and loading its seemingly innocuous advertisements were at risk of unknowingly downloading malware to their computers.
This malware, like the 2015 version, creates an inescapable full-page dialog on the computer screen which locks the user’s computer. Users wishing to retrieve their hard drive data and unlock the screen are forced to pay a ransom in exchange for their computer’s unique malware password. The dialog threatens that any other attempts to remove the malware could result in the data being permanently locked up.
Continued Risks of Malvertising
Most big-name websites, including AOL, are probably safe now that the exploit has been discovered and made public. There is no way to know if these websites will remain safe when new exploits are discovered by hackers in the future. The creators of the Angler Exploit Kit are continually updating their malware and attempting to discover new ways to infect users.
Most of these exploits are made possible by users who do not keep their computer programs up to date. If an exploit is discovered in an old version of software and fixed, that fix will do no good for a user who fails to download it. Not all programs upgrade automatically, and it is important for all users to stay up to date. Old versions of software by Adobe are the most common target for hackers, with eight out of ten recent attacks utilizing this access point.
New Rules For Staying Safe
Common sense rules like avoiding mysterious websites and file downloads used to be enough to keep safe from malware. This does not apply to malvertising attacks. When any popular website can become the source of a dangerous computer virus, extra precautions must be taken. Keeping your software updated is one piece of the puzzle. Regularly backing up your hard drive, reading reports from malware-hunting blogs such as TrendLabs, and keeping up to date on anti-virus technology are all important to ensure the continued safety of your computer.