Earlier this year bad guys took vicious advantage of an Adobe Flash Player security vulnerability to install Cryptowall ransomware on victims' computers. How? Through regular online ads on mainstream websites, a technique known as malvertising.
The use-after-free vulnerability, CVE-2015-0313, was patched by Adobe on Feb. 2, and the day after, the attack campaign came to a screeching halt, according to researchers at Malwarebytes, which traced the zero-day's lifecycle after their systems detected the attacks in December of last year. The attackers injected the malware-ridden ads on the websites of Dailymotion, Huffington Post, answers.com, New York Daily News, HowToGeek.com, tagged.com, as well as a handful of other sites.
Wow, so now you don’t even have to be doing anything risky to become completely infected. You just have to be in the wrong place at the wrong time.
Ransomware is particularly nasty: it encrypts all of your files and then shows a screen saying you have just a few days to pay the ransom for the key that decrypts them. The only way to avoid paying is to restore your original files from a backup, which few people keep. The backup also has to be somewhere the ransomware cannot reach: it encrypts every drive and network share it can write to, so a backup disk that stays permanently plugged in gets encrypted along with everything else. Here's some more from the article:
Malwarebytes doesn’t have a head count of victims hit with the ransomware, but traffic to the infected sites reached over 1 billion in February of this year. Not all of those victims obviously were infected–although they would not have to click on the infected ad to get infected, they had to meet the demographics the attackers were looking for, which were US consumers behind residential IP addresses.
Each of the affected websites ran the malicious ads for an average of two days, and Malwarebytes in its research traced back its first detection and blocking of the zero-day exploit on Dec. 10, 2014.
Protect yourself from ad-delivered ransomware
How do you protect yourself against something like that? There are several ways:
- Keep Flash, your browser and your operating system patched. In this case the campaign stopped the day after Adobe shipped the fix, so anyone who applied it promptly was out of reach.
- Run your web browser in a sandbox such as Sandboxie (intermediate, Windows only) or inside a virtual machine such as VirtualBox (advanced, all platforms). Either one only contains the damage if the files you care about are not shared into the sandbox or VM; ransomware encrypts whatever it can write to.
- Disable Adobe Flash, or at least set it to click-to-play so that an ad cannot run Flash content without you approving it. Flash is slowly being shunned by more and more websites thanks to HTML5, and probably also because of its history of security holes.
- Block ads using a browser add-on (not recommended). Firefox has several popular ad blockers in its vast add-on collection.
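To make the "disable Flash" step something you can check rather than a one-off click in a settings dialog, here is an added example (not from the original post, and not Malwarebytes' or Mozilla's code) that audits a Firefox profile's prefs.js or user.js for the plugin.state.flash preference and produces a user.js that forces Flash off or to click-to-play. The sample prefs.js content is constructed for the demo, and the assumption that an absent pref means "always activate" reflects Firefox's default for Flash at the time; it is labelled as an assumption in the code.

```python
"""Audit and harden the Flash activation policy in a Firefox profile.

Added example (not from the original post or from Malwarebytes). Firefox keeps
per-profile settings in prefs.js and reads user.js on startup; both use lines of
the form  user_pref("name", value);  The pref plugin.state.flash controls Flash:
0 = never activate (disabled), 1 = ask to activate (click-to-play),
2 = always activate.
"""
import re
import sys
from typing import Dict

FLASH_PREF = "plugin.state.flash"
STATES = {0: "disabled", 1: "click-to-play", 2: "always-on"}

# One user_pref(...) line: name in quotes, then the raw value up to the ");"
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Constructed sample of a prefs.js with Flash left at "always activate".
SAMPLE_PREFS = """// Mozilla User Preferences
user_pref("app.update.auto", true);
user_pref("browser.startup.homepage", "https://example.org");
user_pref("plugin.state.flash", 2);
"""


def parse_prefs(text: str) -> Dict[str, str]:
    """Map pref name -> raw value string for every user_pref line."""
    prefs: Dict[str, str] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs


def flash_state(prefs: Dict[str, str]) -> str:
    """Describe the Flash policy in effect for these prefs."""
    raw = prefs.get(FLASH_PREF)
    if raw is None:
        # Assumption: Firefox of that era exempted Flash from click-to-play,
        # so no explicit pref meant "always activate".
        return "always-on (browser default)"
    try:
        return STATES.get(int(raw), f"unknown ({raw})")
    except ValueError:
        return f"unknown ({raw})"


def is_exposed(prefs: Dict[str, str]) -> bool:
    """True unless Flash is explicitly disabled or click-to-play."""
    return flash_state(prefs) not in ("disabled", "click-to-play")


def set_flash_state(text: str, state: int) -> str:
    """Return text with plugin.state.flash forced to `state` (0 or 1).

    An existing line is replaced in place, duplicates are dropped, and the
    line is appended if the profile never set it. Other prefs are untouched.
    """
    if state not in (0, 1):
        raise ValueError("use 0 (disabled) or 1 (click-to-play)")
    new_line = f'user_pref("{FLASH_PREF}", {state});'
    out, replaced = [], False
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m and m.group(1) == FLASH_PREF:
            if not replaced:
                out.append(new_line)
                replaced = True
            continue
        out.append(line)
    if not replaced:
        out.append(new_line)
    return "\n".join(out) + "\n"


def main(argv) -> int:
    """Audit the file given on the command line, or the built-in sample."""
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_PREFS
    prefs = parse_prefs(text)
    print(f"Flash policy: {flash_state(prefs)}")
    if is_exposed(prefs):
        print("Exposed to Flash-based malvertising; write this to user.js:")
        print(set_flash_state(text, 0), end="")
        return 1
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it against the prefs.js in your profile directory (on Windows under %APPDATA%\Mozilla\Firefox\Profiles\) with Firefox closed. Writing the output to user.js in the same directory makes the setting stick, because Firefox applies user.js on every startup and it overrides whatever the settings dialog last saved. Pass 1 instead of 0 to set_flash_state if you want click-to-play rather than a full disable.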