After would-be adulterers lose sleep about their details being uncovered in the Ashley Madison data breach, singles looking for love on Plenty of Fish could be infected by malware.
Security firm Malwarebytes has found the advertising network used on the site is dishing up fake ads that install malware on systems with out of date software like Internet Explorer or Adobe Flash.
If a dodgy link is clicked, an exploit kit searches for vulnerabilities and drops the malicious software onto the machine. Some ads can even automatically install malware if it detects a PC that can be infected. Malwarebytes believes the malware installed is Tinba, which is typically used to steal bank details.
“Malvertising has been around for a while now and often is quite successful in its attack campaign because of the lack of interaction needed by the individual infected. It’s not reliant on unpatched servers or vulnerabilities nor the reputation of the affected site,” explained Mark James, security specialist at ESET. “It could be a high profile or an under the radar website and has the ability to spread through thousands of users before being found and stopped.
“After the massive media attention that Ashley Madison has attracted, it stands to reason that similar infiltrations will also attract the same sort of short term awareness. Along with the actual information retrieved from the site, there comes a level of public interest in similar attacks. It’s like buying a certain make of car and then always seeing that car as you drive around, there’s probably no increase in these particular industry specific targets only our awareness of current projects.”
TechWeekEurope has contacted Plenty of Fish to see whether the company has taken any action against the malvertising campaign, but had not received a response at the time of publication.
“[Plenty of Fish] need to ensure they are using a good ad server to manage their online advertising, vet the company and the provider to ensure it has a good reputation,” added James. “While also keeping the public informed of exactly what has and what is happening will help and offer some kind of credit monitoring service to anyone directly affected by the compromise. They should check their entire systems for any type of breach and continue to monitor it on a regular basis.”
Are you a security pro? Try our quiz!
Digital transformation is an ongoing journey, requiring continuous adaptation, strong leadership, and skilled talent to…
Australian computer scientist faces contempt-of-court claim after suing Jack Dorsey's Block and Bitcoin Core developers…
OpenAI's ChatGPT gets search features, putting it in direct competition with Microsoft and Google, amidst…
New Google Maps allows users to ask for detailed information on local spots, adds AI-summarised…
US-sanctioned Huawei sees sales surge in first three quarters of 2024 on domestic smartphone popularity,…
Apple posts slight decline in China sales for fourth quarter, as Tim Cook negotiates to…