Malicious major website ads lead to ransomware
June 6, 2014 – 9:25 PM
Malicious advertisements on domains belonging to Disney, Facebook, The Guardian newspaper and others are leading people to malware that encrypts a computer’s files until a ransom is paid, Cisco Systems has found.
The finding comes shortly after technology companies and U.S. law enforcement banded together in a large operation to shut down a botnet that distributed online banking malware and so-called “ransomware,” a highly profitable scam that has surged over the last year.
Cisco’s investigation unraveled a technically complex and highly effective way of infecting large numbers of computers with ransomware, which it described in detail on its blog.
“It really is insidious,” said Levi Gundert, a former Secret Service agent and now a technical lead for threat research and analysis at Cisco, in a phone interview Friday.
Cisco has a product called Cloud Web Security (CWS), which monitors its customers’ web surfing and reports if they are browsing to suspected malicious domains. CWS monitors billions of web page requests a day, Gundert said.
The company noticed that it was blocking requests to 90 domains, many of them WordPress sites, for more than 17 percent of its CWS customers, he said.