The world has come to fear the effects of ransom malware but how does it get near the PCs of its victims in the first place?
A common technique is to lure unsuspecting users into opening malicious attachments but there are a number of other channels. After some poking around, security firm Blue Coat has discovered that one the recent very successful ransom malware CryptoWall has been hitching a ride on Yahoo’s ad network.
According to the firm’s observations in blogs over the last month, it had tracked traffic associated with the malware back to ads on sites inside the search giant’s advertising web in India, Myanmar, Indonesia and France.
So-called ‘malvertising’ is an established tactic but its effects can be profound. Users visiting legitimate websites using this network would have encountered links to sites that appeared legitimate but were hosting malware.
It’s clever because it’s incredibly hard to spot and block. The sites insinuate themselves into ad networks which gives them the opportunity to later exploit this reputation to redirect to malvertising.
“What looked like a minor malvertising attack quickly became more significant as the cyber criminals were successfully able to gain the trust of the major ad networks like ads.yahoo.com,” said Blue Coat’s researcher, Chris Larsen.
“The interconnected nature of ad servers and the ease with which would-be-attackers can build trust to deliver malicious ads points to a broken security model that leaves users exposed to the types of ransomware and other malware that can steal personal, financial and credential information.”
The firm said it has started blocking some of the suspect sites that were part of this campaign.
How serious any of this is depends on the scale of the foothold malvertising has got inside Yahoo. That’s difficult to say but the service has a form when it comes to this kind of problem. In January, security firms found that its ad system was being exploited by large of sites to spread Bitcoin mining software.
Ad revenue is, of course, crucial for search providers including Yahoo, which has been struggling in the space for some time.