Feeds

CryptoWall! crooks! 'turn! to! Yahoo! ads! to! spread! ransomware!'

Purple Palace not directly involved but maybe it should chat to these infosec bods

Providing a secure and efficient Helpdesk

Crooks are using Yahoo!'s advertising network to infect PCs with the CryptoWall ransomware, it's claimed.

Windows software nasty CryptoWall encrypts a victim's files using an OpenSSL-generated key pair before demanding a ransom to decrypt the data. It communicates with its masters using RC4-encrypted messages to command servers hidden in the Tor network, we're told.

It was initially spread by spamming email inboxes with "incoming fax" scans or links to files held in cloud storage that were booby-trapped with malicious code.

The malware then evolved to use poisoned web advertisements – or malvertising – to spread across the internet.

Typically, when someone clicks on an ad, the site displaying the advert, and the advertising network serving it, take a small fee for referring the visitor to the advertiser's website. It appears CryptoWall victims are lured into clicking on adverts, which refer the browser along a chain of websites until it reaches a server that exploits a vulnerability to infect the computer.

Since the end of July, researchers at security defence biz Blue Coat have been tracking the spread of CryptoWall through online advertising networks; websites referring on visitors have been set up in India, Myanmar, Indonesia, France and other countries.

According to Blue Coat, Yahoo!'s ad network is favored by the crooks because it has a huge reach – its ads appear on a large number of sites – and can therefore funnel more victims towards the exploit sites than shady ad slingers, which are much smaller.

“What looked like a minor malvertising attack quickly became more significant as the cyber criminals were successfully able to gain the trust of the major ad networks like ads.yahoo.com,” Chris Larsen, a senior malware researcher at Blue Coat, explained in a statement.

“The interconnected nature of ad servers and the ease with which would-be-attackers can build trust to deliver malicious ads points to a broken security model that leaves users exposed to the types of ransomware and other malware that can steal personal, financial and credential information."

Larsen later told The Register on Friday that "ads.yahoo.com was not among the sites directly connected to the CryptoWall-infected sites. It was, however, among the referrers to one of the malvertising sites that was directly connected."

There is no suggestion of any wrongdoing by Yahoo!. The web giant had not responded to a request for comment at time of publication. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.