Malvertising hit MSN Thursday on the ad network AdSpirit.de -- thanks to the same cybercriminals that attacked Yahoo's network of portals and Web sites earlier this month, according to one
report.
Security researchers at Malwarebytes Labs said the incident occurred as people browsed MSN's news, lifestyle or other portals. They were served a malicious
advertisement that silently loaded the Angler exploit kit and attempted to infect their computers.
"They are going after large sites with lots of traffic," said Jerome Segura, senior
security researcher at Malwarebytes Labs. "We're seeing them use a couple of ad networks."
Malvertising does not require user interaction -- meaning that no click is required. The ad simply
needs to display in the browser. Most cybercriminals take advantage of the vulnerabilities in the Flash player, but Segura expects to see similar attacks in HTML5 in time as the cybercriminals gain
more understanding of the file format.
In MSN's case, the ad request came from AppNexus, which loaded the infected advertisement. In the case of Yahoo, the malvertising infiltrated files on
the user's computer, holding them for ransom. The price typically began at $500, raising to $1,000 if the note was ignored. Typically the cybercriminals target Windows computers.
"They are
trying to monetize consumer's machines through ransomware," Segura said. "They use actual encryption technology that's not possible to break. The only way to recover the file without paying the ransom
is to have a backup of the file."
This time the cybercriminals leveraged Red Hat's cloud platform, rhcloud.com, redirecting the browser multiple times the Angler exploit kit
in the previous attack they were using Microsoft's Azure.