Perez Hilton malware strikes millions of users
Gossip site with 500,000 daily visitors serves up double order of malvertising
The website of celebrity gossip hound Perez Hilton has been serving malware to visitors, it has been revealed, with potentially millions of users affected.
The site was afflicted with malvertising, where adverts on a legitimate site are used to host malware. In this case, users clicking on the ads would have been redirected to the notorious Angler exploit kit, which detects vulnerabilities in Flash and Java and uses them to deploy other malware onto victims' PCs.
According to Nick Bilogorsky, senior director of threat intelligence at Cyphort, PerezHilton.com was used to host two malvertising campaigns.
The first was detected on 30 April, when unfortunate victims would have been redirected via the malicious advert to Angler, which typically deploys Bedep malware onto their computer. Bedep, in turn, downloads CryptXXX ransomware.
The second, which Cyphort researchers discovered on 6 May, used a different exploit kit, a different redirector, and used Amazon Cloudfront CDN to distribute the malware.
"Malvertising continues to be one of the preferred vectors for attackers to compromise users' machines with malware," said Bilogorsky. "Many users fought back by disabling all advertising to secure themselves. Nearly 200 Million now use Adblock, according to Statista. In 2015, this form of ad blocking cost publishers nearly $22 Billion dollars."
To help mitigate this, Bilogorsky said: "Advertising networks should use continuous monitoring - automated systems for repeated checking for malware ads, need to scan early and scan often, picking up changes in the advertising chains, and leverage the latest threat intelligence to power these monitoring systems."
In a post on Graham Cluley Security News, David Bisson advised: "At the very least, ordinary users should make a special point of implementing all software and security updates as soon as they become available. Doing so will not stop a malvertising campaign from redirecting them to a malicious website, but it could prevent an exploit kit like Angler from taking advantage of open software vulnerabilities on their computers."