It's generally accepted that hackers are smart and sneaky, but we got another big reminder last weekend when several major sites, including the New York Times, BBC, MSN, Answers.com and AOL.com, along with thousands of other sites, were used to serve malicious ads. Tens of thousands of users who clicked on the ads ended up on sites that launched automated attacks against their computers using the Angler exploit kit.
If Angler found weaknesses on a computer, it could install either the TeslaCrypt ransomware or the Bedep Trojan. In other words, users either found their files locked and held for ransom, or got a flood of other malware on their system. To keep that from happening to you, we're going to look at how this attack works and what you can do to defend yourself from future versions.
How hackers spread malicious ads
Malicious ads are nothing new, but after a few years of dealing with them most ad networks are pretty good at blocking the obvious ones. The hackers behind the latest attack came up with an interesting new twist, though.
According to security firm Trustwave, the hackers found recently expired domains that had belonged to legitimate online marketing companies and bought them. They used those domains to pose as valid businesses and to purchase ad space on a huge number of ad networks, including Google's DoubleClick, Adnxs, Rubicon, AOL, AppNexus and Taggify.
Even sneakier, the ads had code that prevented them from attacking computers that had certain security research tools and security programs installed. That kept the security community from picking up on the attack right away and alerting the ad networks.
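For ad networks vetting new buyers, the expired-domain tactic described above leaves a checkable trace: a domain name with a long history but a very recent registration date, buying ad space right away. The sketch below is an added example, not code from Trustwave or any ad network; the record fields, thresholds and sample data are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass
class Advertiser:
    domain: str
    first_seen: date      # earliest historical sighting (e.g. archived WHOIS, passive DNS)
    registered_on: date   # creation date of the current registration
    first_ad_buy: date    # when this account first purchased ad space

# Assumed thresholds; tune against your own advertiser base.
LAPSE_GAP = timedelta(days=365)     # name known this long before current registration
FRESH_WINDOW = timedelta(days=90)   # ad buy this soon after registration

def vetting_flags(adv: Advertiser) -> list[str]:
    """Return reasons an advertiser domain deserves manual review."""
    flags = []
    # Seen long before its current creation date: the name lapsed and was
    # registered again, possibly by a new owner trading on the old reputation.
    if adv.registered_on - adv.first_seen >= LAPSE_GAP:
        flags.append("re-registered after lapse")
    # Buying ad space shortly after the registration date.
    since_reg = adv.first_ad_buy - adv.registered_on
    if timedelta(0) <= since_reg <= FRESH_WINDOW:
        flags.append("ad buy soon after registration")
    return flags

def needs_review(adv: Advertiser) -> bool:
    # Either signal alone is common and benign; together they match the pattern.
    return len(vetting_flags(adv)) == 2

# Constructed sample records (reserved .example names, invented dates).
SAMPLES = [
    Advertiser("oldbrand-media.example", date(2013, 5, 1), date(2020, 3, 6), date(2020, 3, 10)),
    Advertiser("steady-ads.example", date(2014, 2, 1), date(2014, 2, 1), date(2020, 3, 10)),
    Advertiser("new-startup.example", date(2020, 2, 20), date(2020, 2, 20), date(2020, 3, 10)),
]

if __name__ == "__main__":
    for adv in SAMPLES:
        print(adv.domain, needs_review(adv), vetting_flags(adv))
```

Only the first sample trips both checks; the long-standing advertiser and the genuinely new company each pass, which keeps the review queue short.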
How the ads attacked
As we said, when a user clicked on one of the malicious ads, they were taken to a site that attacked their computer, looking for weak spots. Those weak spots were ones we regularly warn you about, including out-of-date browsers and old versions of Adobe Flash, Java, Silverlight and other browser plugins.
The attack would also be more successful if the computer's operating system wasn't updated and there was no security software installed. Unfortunately, that describes far too many computers, but it does show you some easy ways to protect your own computer.
How to protect yourself
One key way to protect yourself from this kind of attack is to keep your browser and your computer's operating system updated with the latest patches. This leaves fewer security holes for hackers to break through.
You should also update any browser plugins you use, such as Adobe Flash or Java. Even better, uninstall these plugins or set them to only run when you allow it. Get more details on that and other ways to make your browser hacker-proof.
If an attack makes it through your browser, you want to make sure it doesn't get much farther. Switching your Windows account from an administrator account to a standard account keeps most viruses from installing and immediately eliminates 86% of the threats out there. Learn how to make that switch and other Windows account security tips you need to know.
Of course, there are still attacks that can get around your browser and your Windows settings, which is why you need strong security software installed. This can detect attacks and block them before they get very far.