'Legacy' WordPress blog site of The Independent serving malware

Ransomware targets old Flash versions, says Trend Micro

The Independent has become the latest big-name publisher to serve malware.

Trend Micro is warning that the UK news site's WordPress-based blog section has been compromised.

The company says the attack seems to have begun on November 21, with a compromised page serving the Angler exploit kit, which takes advantage of visitors running old Flash versions to hit them with the Cryptesla 2.2.0 ransomware.

“The vulnerability involved in this particular instance is discovered to be CVE-2015-7645. This is also the latest vulnerability we detect to be added to Angler’s repertoire”, Trend fraud researcher Joseph Chen writes.

According to the BBC, The Independent says the site the attackers hit is a rarely-visited “legacy” site that gets less than 0.2 per cent as many hits as its total digital audience.

The publisher told the Beeb an advertisement may have been serving malware and claimed: “There is no suggestion or evidence that any of our users have been affected by this.”

It's also investigating its third-party advertising suppliers.

Trend's post says it's seeing 4,000 redirects each day to Angler, but that's across its whole network rather than just from The Independent.

CVE-2015-7645 is a Flash bug that emerged in October 2015. It was the exploit used in the Pawn Storm attacks, and has since been patched, as have dozens of other Flash vulnerabilities. ®

Biting the hand that feeds IT © 1998–2017