Cisco: Popular Sites Spreading Ransomware via Mavlertising

June 6, 2014 | By Kevin Judge

Ransomware is quickly becoming the scourge of the Internet and Cisco Systems is reporting that several very popular web sites have recently been distribution points via malvertising. According to an investigation detailed on the Cisco Systems blog site, popular web sites including Disney and Facebook have been compromised to display infected advertisements that download a ransomware program similar to the notorious CryptLocker.

CISCO analyzed data accumulated by its Cloud Web Security (CWS) that monitors its customer’s web use and warns them if they have been visiting domains that could be malicious. Cisco’s analysis determined that in the last month there has been a dramatic increase in sites compromised by cyber criminals who use the RIG exploit kit (ET). According to Cisco, “ we have so far blocked requests to over 90 domains for more than 17% of our Cloud Web Security (CWS) customers” because of the RIG ET.

Cisco has determined that many of the sites compromised by the use of RIG have been spreading the Cryptowall ransomware via compromised advertisements, malvertising. These appear to be exploiting the following vulnerabilities:

Silverlight: cve-2013-0074
Java: cve-2013-2465 and cve-2012-0507
Flash: cve-2013-0634

Cryptowall, like Cryptolocker and its variants, encrypt a victim’s data files so they cannot be used. The user can only obtain the encryption key needed to access their files if they pay a ransom, which increases the longer you wait to pay. Cisco’s blog reported that an infected test server had its ransom increase 3 times and was at $600 as of publication.

Earlier in the week, the US Justice Department reported that an international effort had disrupted a botnet that was distributing Cryptolocker. Cisco’s report is a reminder that Cryptolocker is not the only ransomware threat. Cyrptolocker’s success has spawned numerous variants and imitators.

If you want protect yourself from being part of a botnet or avoid being a victim of such cybercrime malware, Comodo security provides the most comprehensive protection possible. Whether you are using Comodo Internet Security (CIS) for the desktop user or Comodo Endpoint Security Management (CESM) system for the enterprise, Comodo’s Default/Deny strategy with Auto Sandboxing ensures that such malicious programs will never harm your system or your files.

Comodo security focuses on prevention, not purely detection. Comodo’s patent-pending Auto Sandboxing technology creates a real time, isolated environment that identifies safe, unsafe, and questionable files and executables and automatically isolates both unsafe and unknown files, allowing only known, trusted files to penetrate your system.

Be Sociable, Share!

    Add new comment

    Your name
    Comment

    You may use these HTML tags and attributes: <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>