• by Laurie Sullivan  @lauriesullivan, August 28, 2015

Malvertising hit MSN Thursday on the ad network AdSpirit.de -- thanks to the same cybercriminals that attacked Yahoo's network of portals and Web sites earlier this month, according to one report.

Security researchers at Malwarebytes Labs said the incident occurred as people browsed MSN's news, lifestyle or other portals. They were served a malicious advertisement that silently loaded the Angler exploit kit and attempted to infect their computers.

"They are going after large sites with lots of traffic," said Jerome Segura, senior security researcher at Malwarebytes Labs. "We're seeing them use a couple of ad networks."

Malvertising does not require user interaction -- meaning that no click is required. The ad simply needs to display in the browser. Most cybercriminals take advantage of the vulnerabilities in the Flash player, but Segura expects to see similar attacks in HTML5 in time as the cybercriminals gain more understanding of the file format.

In MSN's case, the ad request came from AppNexus, which loaded the infected advertisement. In the case of Yahoo, the malvertising infiltrated files on the user's computer, holding them for ransom. The price typically began at $500, raising to $1,000 if the note was ignored. Typically the cybercriminals target Windows computers.

"They are trying to monetize consumer's machines through ransomware," Segura said. "They use actual encryption technology that's not possible to break. The only way to recover the file without paying the ransom is to have a backup of the file."

This time the cybercriminals leveraged Red Hat's cloud platform, rhcloud.com, redirecting the browser multiple times the Angler exploit kit in the previous attack they were using Microsoft's Azure.