Malicious ads leading to a ransomware infection were served to visitors of a few popular websites, among them gamezone.com and the Huffington Post, in the last days of the year.
The malvertising campaign was first spotted by researchers at Cyphort Lab. The first sites hit by the campaign were the Canadian and the US Huffington Post. According to the experts, the ads were served by advertising.com, which is an AOL advertising network.
Kovter Ransomware Delivered Via Exploit Kits
Victims of the malicious ads were automatically redirected to a web page hosting an exploit kit (either Sweet Orange or Neutrino), which served a new version of the Kovter ransomware.
Kovter ransomware disables the keyboard and the mouse on the compromised machine and demands $300 to unblock them. The malware goes through the victim's browsing history, searching for URLs of pornographic sites, which it includes in the ransom message to make it more believable.
AOL has been informed about the issue, and the malicious ads were removed from its adtech.de and advertising.com networks.
The Cyphort experts explained that advertising networks sometimes fail to detect malicious ads because the cyber criminals hide their creations quite skilfully, or because they launch the infection a certain amount of time after the ads are enabled.
Attackers use different techniques, for example serving the exploits only to every 20th user who views the corrupted advertisement. They also check IP addresses and user-agents to avoid malware detection.
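For an ad network reviewing creatives, those evasions mean a single scan at approval time proves little. The sketch below is an added example, not code from Cyphort or AOL: it estimates how many fetches a scanner needs against a 1-in-20 serving rate and flags creatives whose landing domain changes over time or by client type. The scan records, profile names and domains are constructed, and each fetch is assumed to be hit independently at the stated rate.

```python
from collections import defaultdict
from math import ceil, log

# Constructed scan results, not real telemetry:
# (creative_id, hours_since_approval, client_profile, landing_domain)
SCANS = [
    ("A", 1, "datacenter", "news.example"),
    ("A", 30, "residential", "news.example"),
    ("B", 1, "datacenter", "shop.example"),
    ("B", 1, "residential", "shop.example"),
    ("B", 30, "datacenter", "shop.example"),
    ("B", 30, "residential", "lander.invalid"),
    ("B", 31, "residential", "shop.example"),
    ("B", 31, "datacenter", "shop.example"),
    ("B", 32, "residential", "lander.invalid"),
]
DECLARED = {"A": {"news.example"}, "B": {"shop.example"}}  # advertiser-declared landing domains


def scans_needed(serve_rate, confidence):
    """Fetches needed to observe at least one off-domain response with the
    given confidence, assuming each fetch is hit independently at serve_rate."""
    return ceil(log(1 - confidence) / log(1 - serve_rate))


def flag_creatives(scans, declared):
    """Return {creative_id: [reasons]} for creatives that ever leave their declared domains."""
    by_creative = defaultdict(list)
    for cid, hours, profile, domain in scans:
        by_creative[cid].append((hours, profile, domain in declared[cid]))
    findings = {}
    for cid, rows in by_creative.items():
        bad = [(h, p) for h, p, ok in rows if not ok]
        if not bad:
            continue
        reasons = [f"off_domain:{len(bad)}/{len(rows)}"]
        first_bad = min(h for h, _ in bad)
        if any(h < first_bad for h, _, _ in rows):
            reasons.append(f"delayed:{first_bad}h")  # clean at approval, bad later
        spared = {p for _, p, _ in rows} - {p for _, p in bad}
        if spared:
            reasons.append("selective:" + ",".join(sorted(spared)))  # some clients never hit
        findings[cid] = reasons
    return findings


if __name__ == "__main__":
    print(scans_needed(1 / 20, 0.95))
    print(flag_creatives(SCANS, DECLARED))
```

Against a 1-in-20 rate, a scanner needs 59 fetches for a 95% chance of seeing the malicious response even once, and those fetches have to be spread over time and over client profiles that do not look like a scanner.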
Unfortunately, this is not the first case of a Kovter infection being delivered that way. In October last year, experts spotted a malvertising campaign aimed at YouTube users.
To protect your system from the numerous threats spread online, make sure to use reputable AV products and keep them updated.