Malicious adverts have been found on the match.com site, with anyone caught out by the trap being at risk to their data being held to ransom. The attack worked by redirecting people who click on the dodgy advert through a series of links that would check what kind of software the victim is using.
According to Gavin Reid, VP of threat intelligence at Lancope, “It is important to not confuse the attack at Match with full site compromises like the recent hack of Ashley Madison. The information on this attack shows a much different issue of malvertising (ads that contain links to malware) being viewed on their website. Malverstising has plagued online websites, with almost all of the top 100 sites having hosted them at some time.”
According to match.com, the incident does not represent a breach of their site, or users’ data.
Dr David Chismon, senior researcher at MWR Infosecurity has said “The reported malvertising attack through Match.com, and the choice of CryptoWall and Bedep payloads indicates that the attackers are interested in compromising consumers and individuals for data ransom purposes. However, users increasingly blur work and personal lives and people browsing Match.com from their work computer may lead to their corporate computer being infected and potential files on any mapped fileshares encrypted and ransomed. Furthermore, there is a risk that attackers discover they have compromised computers of note and sell that access onto attackers with more interest in information theft.
Users are recommended to ensure they are fully patched, however, the Angler exploit kit used is reported to sometimes use unpatched vulnerabilities (0-day). Organisations should therefore ensure they are applying defence in depth, such as using application whitelisting and only minimum privileges to conduct actions.”