It's generally accepted that hackers are smart and sneaky, but we got another big reminder last weekend when several major sites, including the New York Times, BBC, MSN, Answers.com and AOL.com, along with thousands of other sites, were used to serve malicious ads. Tens of thousands of users clicking on the ads ended up on sites that launched automated attacks against their computers using the Angler exploit kit.
If Angler found weaknesses on a computer, it could install either the TeslaCrypt ransomware or the Bedep Trojan. In other words, users either found their files locked and held for ransom, or got a flood of other malware on their system. To keep that from happening to you, we're going to look at how this attack works and what you can do to defend yourself from future versions.
How hackers spread malicious ads
Malicious ads are nothing new, but after a few years of dealing with them, most ad networks are pretty good at blocking the obvious ones. The hackers behind the latest attack came up with an interesting new twist, though.
According to security firm Trustwave, the hackers found the domains of legitimate online marketing companies that had just expired and bought them. They used those domains to appear as valid businesses and to purchase ad space on a huge number of ad networks, including Google's DoubleClick, Adnxs, Rubicon, AOL, AppNexus and Taggify.
Even sneakier, the ads had code that prevented them from attacking computers that had certain security research tools and security programs installed. That kept the security community from picking up on the attack right away and alerting the ad networks.
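The expired-domain trick described above leaves one trace an ad network or security team can check for: a domain with a long history whose current registration is brand new. The sketch below is an added example, not code from Trustwave or any ad network. The domain names and dates are constructed, and it assumes you already have two dates per advertiser domain: when it was first seen in use (from your own records or passive DNS) and when its current registration was created (from WHOIS/RDAP).

```python
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass
class AdvertiserDomain:
    name: str
    first_seen: date   # assumption: earliest date the domain was observed in use
    registered: date   # assumption: creation date of the CURRENT registration


def reregistered(d, grace=timedelta(days=30)):
    """True when the current registration began well after the domain was
    first seen, i.e. it lapsed and someone registered it again."""
    return d.registered - d.first_seen > grace


def review_queue(domains, today, recent=timedelta(days=90)):
    """Domains that lapsed and were bought again within `recent` days,
    newest registration first, for manual review before ads are accepted."""
    hits = [d for d in domains
            if reregistered(d) and today - d.registered <= recent]
    return sorted(hits, key=lambda d: d.registered, reverse=True)


# Constructed sample data (.example names are reserved and not real advertisers).
TODAY = date(2016, 3, 20)
SAMPLE = [
    # Long history, registration only weeks old: the pattern to catch.
    AdvertiserDomain("lapsed-agency.example", date(2009, 5, 1), date(2016, 3, 1)),
    AdvertiserDomain("dropped-media.example", date(2011, 8, 9), date(2016, 1, 15)),
    # Continuously registered since before first use: fine.
    AdvertiserDomain("steady-brand.example", date(2010, 1, 15), date(2010, 1, 10)),
    # Genuinely new company: new registration, but no earlier history.
    AdvertiserDomain("new-startup.example", date(2016, 2, 20), date(2016, 2, 10)),
    # Changed hands years ago: re-registered, but not recently.
    AdvertiserDomain("old-handover.example", date(2005, 3, 3), date(2012, 6, 1)),
]

if __name__ == "__main__":
    for d in review_queue(SAMPLE, TODAY):
        age = (TODAY - d.registered).days
        print(f"{d.name}: in use since {d.first_seen}, "
              f"current registration is {age} days old")
```

A hit is a reason for a closer look, not proof of abuse, since legitimate companies also buy lapsed domains.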