Perez Hilton malware strikes millions of users

Gossip site with 500,000 daily visitors serves up double order of malvertising

The website of celebrity gossip hound Perez Hilton has been serving malware to visitors, it has been revealed, with potentially millions of users affected.

The site was afflicted with malvertising, where adverts on a legitimate site are used to host malware. In this case, users clicking on the ads would have been redirected to the notorious Angler exploit kit, which detects vulnerabilities in Flash and Java and uses them to deploy other malware onto victims' PCs.

According to Nick Bilogorsky, senior director of threat intelligence at Cyphort, was used to host two malvertising campaigns.

The first was detected on 30 April, when unfortunate victims would have been redirected via the malicious advert to Angler, which typically deploys Bedep malware onto their computer. Bedep, in turn, downloads CryptXXX ransomware.

Advertisement - Article continues below
Advertisement - Article continues below

The second, which Cyphort researchers discovered on 6 May, used a different exploit kit, a different redirector, and used Amazon Cloudfront CDN to distribute the malware.

"Malvertising continues to be one of the preferred vectors for attackers to compromise users' machines with malware," said Bilogorsky. "Many users fought back by disabling all advertising to secure themselves. Nearly 200 Million now use Adblock, according to Statista. In 2015, this form of ad blocking cost publishers nearly $22 Billion dollars."

To help mitigate this, Bilogorsky said: "Advertising networks should use continuous monitoring - automated systems for repeated checking for malware ads, need to scan early and scan often, picking up changes in the advertising chains, and leverage the latest threat intelligence to power these monitoring systems."

In a post on Graham Cluley Security News, David Bisson advised: "At the very least, ordinary users should make a special point of implementing all software and security updates as soon as they become available. Doing so will not stop a malvertising campaign from redirecting them to a malicious website, but it could prevent an exploit kit like Angler from taking advantage of open software vulnerabilities on their computers."

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now



Hackers abuse LinkedIn DMs to plant malware

25 Feb 2019

Best free malware removal tools 2019

23 Dec 2019

Best antivirus for Windows 10

3 Sep 2019

Most Popular

Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020