Malicious major website ads lead to ransomware

June 6, 2014 – 9:25 PM

Malicious advertisements on domains belonging to Disney, Facebook, The Guardian newspaper and others are leading people to malware that encrypts a computer’s files until a ransom is paid, Cisco Systems has found.

The finding comes shortly after technology companies and U.S. law enforcement banded together in a large operation to shut down a botnet that distributed online banking malware and so-called “ransomware,” a highly profitable scam that has surged over the last year.

Cisco’s investigation unraveled a technically complex and highly effective way for infecting large number of computers with ransomware, which it described in detail on its blog.

“It really is insidious,” said Levi Gundert, a former Secret Service agent and now a technical lead for threat research and analysis at Cisco, in a phone interview Friday.

Cisco has a product called Cloud Web Security (CWS) which monitors its customers web surfing and reports if they are browsing to suspected malicious domains. CWS monitors billions of web page requests a day, Gundert said.

The company noticed that it was blocking requests to 90 domains, many of those WordPress sites, for more than 17 percent of its CWS customers, he said.


You must be logged in to post a comment.