Match.com has suspended advertising on its UK site whilst investigating a malware issue that put singles looking for love at risk of theft of personal information and cyber ransom.
The website,which boasts millions of users worldwide, would not confirm how many UK users or visitors it has to the site, however, it is believed it welcomes 27.3 million site visitors worldwide every month, according to SimilarWeb, and around seven percent (5.5 million) of these are based in the UK. Match.com was unable to confirm these numbers.
Techworld yesterday reported that visitors to the site were yesterday at risk from malware which could steal personal information, send spam emails and operate silently within their devices without their consent, as claimed by security research group Malwarebytes. The researchers reported the attack to Match.com on Wednesday evening.
A spokesperson for match.com said: “We take the security of our members very seriously. Earlier today we took the precautionary measure of temporarily suspending advertising on our UK site whilst we investigated a potential malware issue. Our security experts were able to identify and isolate the affected adverts, this does not represent a breach of our site or our users’ data.
“To date we have not received any reports from our users that they have been affected by these adverts. Nonetheless, we advise all users to protect themselves from this type of cyber-threat by updating their antivirus / anti malware software.”
How does the alleged match.com malware work?
The breach is believed to involve shortened Google URLs, targeting "mainly UK users", which the hacking team use to install an Angler exploit kit to plant Bedep ad fraud Trojans through adverts on the site.
Once a computer is infected with a Bedep Trojan, it will make a high volume of requests to rogue advertising networks. These networks eventually take users to a host, which will redirect them to another exploit kit, which re-infects the system with malware.
This virus-like network spreads, unbeknown to the Match.com profile user, or owner of the computer or device. The revelations will be detailed in a blog post by Malwarebytes this evening.
Website visitors are also at risk from CryptoWall ransomware - a sophisticated Trojan that will encrypt files on a user’s computer and hold them ransom, according to Malwarebytes. CryptoWall passes users to a site where users can pay for files on their computer to be decrypted. Users can be told to pay $500 in order to free files on their computer.
Those looking for love with outdated browsing software or a plugin such as Flash, Silverlight, Reader, Java on their computers do not even have to click on one of the fraudulent ads on the network. The malware simply silently loads, locks files on the computer and a few minutes later a message demanding the ransom is sent, Malwarebytes explained.
The malvertising campaign was live on the site when Malwarebytes shared information about the attack with Techworld.
It's likely that Match.com will explore the idea of disabling UK adverts as a precautionary measure.
Around this time last year, Dell Secureworks estimated that CryptoWall ransom Trojan had infected 625,000 systems.
Jérôme Segura, senior security sesearcher at Malwarebytes, said: “The cost per thousand impressions (CPM) for the booby trapped ad was only 36 cents, which is nothing compared to how much infected computers can bring in terms of revenues. For instance, CryptoWall demands $5oo per victim.
“We alerted Match.com and the related advertisers but the malvertising campaign is still ongoing via other routes.”
The attack follows the now infamous Ashley Madison hacking saga, which saw 37 million adulterers' personal information leaked online.
The adultery website, whose tagline is “Life is short. Have an affair,” is owned by Avid Life Media, responsible for Established Men, Swappernet (a swingers' site) and The Big and the Beautiful (a site for larger singles).
One document leaked by The Impact Team included the website’s source code, which reveals interactions between users. Upon analysis, the code made clear that Ashley Madison’s developers had created fake female profiles - or bots - to interact and entice men into paying to use the service.
Additional reporting by Sam Shead