Love it or hate it, if you’re an Anglophone, you’ve probably heard of it.
The UK’s Daily Mail, or, more precisely, the web-based Mail Online, is said to be the world’s busiest English-language news site.
Despite its British origins, and its UK flavour, 70% of its traffic is said to come from outside the British Isles, notably from the USA.
There’s no subscription or paywall, so the site makes its money, like so much of the internet these days, from ads.
As we’ve explained before, malverts don’t have to contain malware of their own.
They just need to link off somewhere that has malware on it, for example using an HTML IFRAME (inline frame, or embedded web window).
And malverts can be hard to track down, because ad networks don’t always serve the same ad in the same place on the same page.
Even if you see an ad that your anti-virus blocks because it contains a malicious code or a poisoned link, and report it promptly…
…researchers following up on your report might see something completely different when they go looking.
Mail meets malware
Sadly, last week, it seems that some Mail readers did receive poisoned ads from one of the ad networks that provides Mail Online with marketing content.
Reported cases are said to have redirected visitors to web pages containing the Angler exploit kit, an infamous “cybercrime as a service” tool that automatically loads a sequence of booby-trapped files into your browser, and tries them one by one in the hope of getting control over your computer.
Indeed, if you’ve forgotten to patch any one of the software vulnerabilities that Angler tries to exploit, you’re at risk of what’s called a drive-by download.
That’s where simply visiting the site with your browser, or having a malvert “visit” it for you, is enough to install malware on your computer.
💡 LEARN MORE: How the Angler exploit kit works ►
Crooks wanting to distribute malware can pay the criminals behind the exploit kit on a per-install basis, so it’s hard to predict what malware an Angler-infected website will try to foist on you at any visit.
However, SophosLabs reports that Cryptodefense and Cryptowall ransomware, blocked by Sophos as HPmal/Ransom-I and HPmal/Ransom-R respectively, are are commonly seen in Angler attacks these days.
As far as we know, the offending ad network that Mail Online was using (we aren’t sure which it was, as the Mail pulls in content from numerous outside sites) cleaned up its act pretty quickly, so this door was slammed shut soon after it opened.
What to do?
Keeping #CyberAware, and trying to be a safe surfer by avoiding risky-looking sites and sticking to well-known ones, is a good idea.
Why put yourself needlessly in harm’s way?
Clearly, however, just being careful is not enough on its own, because even mainstream, high-traffic websites may be intermittently infectious due to malvertising.
Here are some technological tips you can follow:
• Keep your operating system and applications patched. Exploits kits like Angler usually try out multiple vulnerabilities before giving up. The longer you ignore your patches, the greater the number of holes that remain open to the exploit kit.
• Use an on-access (real-time) anti-virus and keep it current. Blocking any of the stages in a malvertising attack like the one described above will stop the crooks in their tracks.
• Use a secure gateway or firewall that filters web traffic. This provides an extra layer of defence on top of your anti-virus.
Clean up with the free Sophos Virus Removal Tool
This is a simple and straightforward tool for Windows users. It works alongside your existing anti-virus to find and get rid of any threats lurking on your computer.
It does its job without requiring you to uninstall your incumbent product first. (Removing your main anti-virus just when you are concerned about infection is risky in its own right.)
Download and run it, wait for it to grab the very latest updates from Sophos, and then let it scan through memory and your hard disk. If it finds any threats, you can click a button to clean them up.
Other free tools to protect you from malverts and exploit kits
All the features of our commercial UTM for use on a spare computer or in a virtual machine. You get web filtering, email filtering, virus scanning, intrusion prevention, a web application firewall and a full-on Virtual Private Network (VPN) solution for up to 50 computers or mobile devices at home.
You also get 12 free licences for Sophos Anti-Virus for Windows to keep your family PCs clean.
• Sophos Anti-Virus for Mac Home Edition
A standalone version of our business grade anti-virus for OS X. You get real-time (on access) malware prevention, web filtering, scheduled scans, malware cleanup and more, plus it keeps itself up-to-date automatically.
6 comments on “Malvertising meets the Daily Mail”
“The UK’s Daily Mail, or, more precisely, the web-based Mail Online, is said to be the world’s busiest English-language news site.”
This is possibly the most depressing thing I’ve ever read.
Daily Mail – “news”? It’s a mixture of far-right propaganda, fiction and pub-bore lecherous comments on pictures of scantily-clad women.
Ah well, that would explain it’s popularity here in the US.
“a drive-by download.
That’s where simply visiting the site with your browser, or having a malvert “visit” it for you, is enough to install malware on your computer.”
So, does using adblocking software avoid the problem?
That probably depends on your ad-blocking software, I would think.
If it blocks all ads on all sites, then there’s a good chance it would block malvertising ads, but (as with most things involving computers) there’s no guarantee that it will.
Ad blockers may indeed help, simply because the malverts might be blocked as a side-effect of blocking all ads. (Assuming you set it to block all ads, and none get through).
I didn’t list this as a specific anti-virus security measure, because it’s more of a handy side-effect of ad blocking than it is an anti-virus technique.
(Blocking all USB keys will stop all USB malware, but won’t stop all malware. In fact, most malware doesn’t arrive via USB. Same sort of story for malverts.)