Cryptowall ransom malware malvertising spreads

This is a follow-up to a story Domain Mondo reported on May 20th: Online Ads, Malware, Marketers, Placement Problems -- the story "has legs" --

We “will be paying no ransom,” vows town hit by Cryptowall ransom malware | Ars Technica: "....Contrary to reports that the Durham Police Department infection was the result of a malicious e-mail attachment, the RIG-fueled attacks Cisco is blocking are the result of malicious advertisements served on scores of websites, including altervista.org, apps.facebook.com, www.theguardian.com, and ebay.in. The US is the country seeing the most infected ads, followed by the UK. So-called malvertising is a scourge that uses authentic-looking ads served over legitimate networks and sites to either trick end users into clicking on malicious links or to push attack code that exploits vulnerabilities to surreptitiously install malware. "Until May 22, RIG appears to have been making use of both newly registered domains and compromised legitimate sites to both host its landing pages and serve its exploits, all from paths ending in 'proxy.php,'" the Cisco blog post stated. The rash of Cryptowall attacks came to light the same week that federal authorities seized a massive botnet used to spread CryptoLocker. The effects of Cryptowall on Durham were characterized as disruptive but not catastrophic...." -- read more at link above and at: https://blogs.cisco.com/security/rig-exploit-kit-strikes-oil

Domain Mondo archive