A SPIKE IN MALWARE ATTACKS this past weekend was aimed at us lovable publishing types, according to a report on the Malwarebytes blog pages.
It seems that the firm was rather bored of the malware spotting game until the spike came along, and up until that point, it had rather little to say. That all changed when it found a large number of Angler malware attacks circling the publishing industry.
"During the past few weeks, malvertising activity was a little bit on the decline, at least within our own telemetry. We were mainly seeing the usual suspects pushing a lot of Magnitude EK related infections and the occasional tech support scam," says a post by the firm's Jerome Segura.
"However, out of the blue on the weekend we witnessed a huge spike in malicious activity emanating out of two suspicious domains. Not only were there a lot of events, but they also included some very high profile publishers, which is something we haven't seen in a while."
The high profile publishers included the BBC, MSN and AOL, and the firm says that the malware is being shared through a couple of domains, and offered for clicking via some poisonous advert of some kind and the Magnitude EK payload.
"Angler EK has gone through several changes lately, in its URI patterns but also in the landing page itself. It is also the only one to use a recently patched Silverlight vulnerability," added the firm. The Silverlight vulnerability mentioned was fixed by the Microsoft patch whack in January.
If people are caught in the hooks of this bastard creation they may find themselves at the shit end of a ransomware shakedown, and these are never cool.
"Malwarebytes Anti-Exploit blocks the malvertising attack when it launches the exploit kit. We notified the various ad networks when we first identified the attack as well as CloudFlare; we will update this blog with any new relevant information."
And so shall we. µ
To hear more about security challenges, the threats they pose and how to combat them, sign up for The INQUIRER sister site Computing's Enterprise Security and Risk Management conference, taking place on 24 November.
OK Google, explain 'imminent disappointment'
We'd have called it Bridget
Investor leverages his $1.2bn stake in PC maker
Social network handed over info in 88 per cent of cases