Dating Site Plenty Of Fish Serves Up Malware To Users

After would-be adulterers lose sleep about their details being uncovered in the Ashley Madison data breach, singles looking for love on Plenty of Fish could be infected by malware.

Security firm Malwarebytes has found the advertising network used on the site is dishing up fake ads that install malware on systems with out of date software like Internet Explorer or Adobe Flash.

If a dodgy link is clicked, an exploit kit searches for vulnerabilities and drops the malicious software onto the machine. Some ads can even automatically install malware if it detects a PC that can be infected. Malwarebytes believes the malware installed is Tinba, which is typically used to steal bank details.

Plenty of Fish malvertising

The company stresses that Plenty of Fish’s servers have not been breached, so user information is safe – unlike that of millions of Ashley Madison users.

“Malvertising has been around for a while now and often is quite successful in its attack campaign because of the lack of interaction needed by the individual infected. It’s not reliant on unpatched servers or vulnerabilities nor the reputation of the affected site,” explained Mark James, security specialist at ESET. “It could be a high profile or an under the radar website and has the ability to spread through thousands of users before being found and stopped.

“After the massive media attention that Ashley Madison has attracted, it stands to reason that similar infiltrations will also attract the same sort of short term awareness. Along with the actual information retrieved from the site, there comes a level of public interest in similar attacks. It’s like buying a certain make of car and then always seeing that car as you drive around, there’s probably no increase in these particular industry specific targets only our awareness of current projects.”

TechWeekEurope has contacted Plenty of Fish to see whether the company has taken any action against the malvertising campaign, but had not received a response at the time of publication.

“[Plenty of Fish] need to ensure they are using a good ad server to manage their online advertising, vet the company and the provider to ensure it has a good reputation,” added James. “While also keeping the public informed of exactly what has and what is happening will help and offer some kind of credit monitoring service to anyone directly affected by the compromise. They should check their entire systems for any type of breach and continue to monitor it on a regular basis.”

Are you a security pro? Try our quiz!

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

Is the Digital Transformation of Businesses Complete?

Digital transformation is an ongoing journey, requiring continuous adaptation, strong leadership, and skilled talent to…

7 hours ago

Craig Wright Faces Contempt Claim Over Bitcoin Lawsuit

Australian computer scientist faces contempt-of-court claim after suing Jack Dorsey's Block and Bitcoin Core developers…

7 hours ago

OpenAI Adds ChatGPT Search Features

OpenAI's ChatGPT gets search features, putting it in direct competition with Microsoft and Google, amidst…

8 hours ago

Google Maps Steers Into Local Information With AI Chat

New Google Maps allows users to ask for detailed information on local spots, adds AI-summarised…

8 hours ago

Huawei Sees Sales Surge, But Profits Fall

US-sanctioned Huawei sees sales surge in first three quarters of 2024 on domestic smartphone popularity,…

9 hours ago

Apple Posts China Sales Decline, Ramping Pressure On AI Strategy

Apple posts slight decline in China sales for fourth quarter, as Tim Cook negotiates to…

9 hours ago