A recent malware episode in the UK serves as an important reminder that malware can even infect prominent, presumably trustworthy websites. Tens of thousands of people in the UK are thought to have fallen victim to the malware attack.
The malware spread after cybercriminals were able to compromise computers used by Unanimis, a UK-based digital advertising network. Unanimis serves ads on a variety of popular websites, many of which were victimized by the attack. Among the compromised sites were AutoTrader, the London Stock Exchange, and the Vue cinema chain.
The malware–or more appropriately, the scareware–was designed to scare victims into buying fake antivirus software. It worked by displaying warnings saying that the victim’s PC had been infected with a virus, and then it also offered a solution for removing the virus–for a price, of course. The cybercriminals were able to exploit several vulnerabilities in Windows programs to carry out the attack.
While it did affect thousands of people, the malvertising attack could have been more devastating. For one, the infected advertisements were not being widely distributed, which helped reduce the malware’s impact. Also fortuitous was the fact that the attack took place on a Sunday evening, which also limited the number of victims. The post-attack clean up effort wasn’t too difficult either, as it reportedly only took approximately three hours to remove the malware-laden ads once the attack was discovered. Still, an attack on such a prominent ad network is a cause for concern even if it’s not enormous in scope.
Unanimis claims that it doesn’t know how its network became infected in the first place, but an investigation is under way. According to the ad firm, they have security systems in place that check advertisements for malware prior to being distributed. Even still, this episode in the UK just goes to show that even well-known sites can fall victim to malware, leaving all of their visitors in danger of getting infected. It’s all the more reason to make sure you have a good antivirus defense that’s regularly updated.
Malvertising gives cybercriminals a relatively easy way to place malicious code on popular sites, and it’s reasonably common. The takeaway? Keep an eye out for ads, no matter how reputable the site.