Prince of pop trash PerezHilton pwned, visitors hit with cryptxxx
Some of Hollywood hack's 500k visitors smashed with Angler, ransomware combo
Pop trash giant PerezHilton.com has served the world's most dangerous exploit kit to some of its 500,000 daily visitors.
The site is home to Hollywood and celebrity news and has been pwned before under hugely successful malvertising campaigns using the dominant Angler exploit kit.
Cyphort researcher Nick Bilogorskiy says the site was once again smashed by Angler, which usually serves the Cryptxx ransomware, a dangerous cryptolocker variant, that – along with the exploit kit – is enjoying a boom in popularity.
"[An] iframe leads to Angler’s landing page [and] after browser exploitation Angler typically drops Bedep malware which will further download and infect the victim’s machine with CryptXXX ransomware," Bilogorskiy says.
"Malvertising continues to be one of the preferred vectors for attackers to compromise users’ machines with malware."
The researcher identified a redirection domain som.barkisdesign.com which is implicated in malvertising attacks earlier this month against CBS television stations.
|Feature: Malware menaces poison ads as Google, Yahoo! look away.|
The attacks on PerezHilton.com used a different exploit kit variant and network infrastructure however.
Angler was this week identified by Microsoft as the most prolific exploit kit dwarfing competitors.
Malvertising attacks are highly successful because it exploits weaknesses in the global online advertising structure where high-pace and low-profit margins leave little room for complex buyer and content integrity checks.
Bilogorskiy says many users have "fought back" with advertising blockers that shutter exposure to malvertising campaigns. He cites Statista numbers that show some 200 million users deploy ad-blockers, inflicting an estimated US$22 billion dollars in losses against publishers last year. ®