Hey you,
BE IN THE KNOW!

35,000 ransomware infections per month and you still believe you are protected?

Sign up to receive:

  • alerts
  • news
  • free how-to-remove guides

of the newest online threats - directly to your inbox:


New Version of the Kovter Ransomware Delivered Via Exploit Kits

Malicious ads leading to a ransomware infection have been served to the visitors of a few popular websites, among them gamezone.com and the Huffington Post in last days of the year.

The malvertising campaign was first spotted by researchers at Cyphort Lab. The first sites hit by the hoax were the Canadian and the US Huffington Post. According to the experts, the ads were served by advertising.com, which is an AOL advertising network.

Download a FREE System Scanner, to See If Your System Has Been Affected By Kovter Ransomware.

Kovter Ransomware Delivered Via Exploit Kits

The victims of the malicious ads were automatically linked to a web page hosting an exploit kit (either the Sweet Orange or the Neutrino), which served a new version of the Kovter ransomware.

Kovter ransomware disables the keyboard and the mouse on the compromised machine, and demands 300$ in order to unblock them. The infection goes through the browsing history of the victim, searching for URLs of pornographic sites, which it smartly includes in the ransom message to make it more believable.

AOL has been informed about the issue, and the malicious ads were removed in their adtech.de and advertising.com networks.

Kovter-Ransomware-infection

The Cyphort experts explained that sometimes advertising network fail to detect malicious ads because the cyber criminals hide their creations quite skilfully, or they launch the infection a certain amount of time after the ads are enabled.

Hackers use different techniques, for example serving the exploits to every 20th user who views the corrupted advertisement. They also verify IP addresses and user-agents to avoid malware detection.

Unfortunately, this is not the first case of a Kovter infection being delivered that way. In October last year, experts have spotted a malvertising campaign aimed at YouTube users.

To protect your system from the numerous threats spread online, make sure to use reputable AV products and keep them updated.

donload_now_250
Spy Hunter FREE scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the malware tool. Find Out More About SpyHunter Anti-Malware Tool

Berta Bilbao

Berta is the Editor-in-Chief of SensorsTechForum. She is a dedicated malware researcher, dreaming for a more secure cyber space.

More Posts - Website

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.