Since the end of July, researchers tracked the spread of CryptoWall through online advertising networks.
According to Blue Coat researchers, Yahoo!'s ad network is favored by the crooks because it has a huge reach – its ads appear on a large number of sites – and can therefore funnel more victims towards the infected web sites.
“What looked like a minor malvertising attack quickly became more significant as the cyber criminals were successfully able to gain the trust of the major ad networks like ads.yahoo.com,” Chris Larsen, a senior malware researcher at Blue Coat, explained in a statement.
“The interconnected nature of ad servers and the ease with which would-be-attackers can build trust to deliver malicious ads points to a broken security model that leaves users exposed to the types of ransomware and other malware that can steal personal, financial and credential information." he continued.
Larsen later told The Register on Friday that "ads.yahoo.com was not among the sites directly connected to the CryptoWall-infected sites. It was, however, among the referrers to one of the malvertising sites that was directly connected."
As noted in earlier posts CryptoWall is a variant of the more well known ransomware CryptoLocker that generated over $30 million for it's creator in it's first 100 days of operation.
No comments:
Post a Comment