Dating Site Plenty Of Fish Serves Up Malware To Users

After would-be adulterers lose sleep about their details being uncovered in the Ashley Madison data breach, singles looking for love on Plenty of Fish could be infected by malware.

Security firm Malwarebytes has found the advertising network used on the site is dishing up fake ads that install malware on systems with out of date software like Internet Explorer or Adobe Flash.

If a dodgy link is clicked, an exploit kit searches for vulnerabilities and drops the malicious software onto the machine. Some ads can even automatically install malware if it detects a PC that can be infected. Malwarebytes believes the malware installed is Tinba, which is typically used to steal bank details.

Plenty of Fish malvertising

The company stresses that Plenty of Fish’s servers have not been breached, so user information is safe – unlike that of millions of Ashley Madison users.

“Malvertising has been around for a while now and often is quite successful in its attack campaign because of the lack of interaction needed by the individual infected. It’s not reliant on unpatched servers or vulnerabilities nor the reputation of the affected site,” explained Mark James, security specialist at ESET. “It could be a high profile or an under the radar website and has the ability to spread through thousands of users before being found and stopped.

“After the massive media attention that Ashley Madison has attracted, it stands to reason that similar infiltrations will also attract the same sort of short term awareness. Along with the actual information retrieved from the site, there comes a level of public interest in similar attacks. It’s like buying a certain make of car and then always seeing that car as you drive around, there’s probably no increase in these particular industry specific targets only our awareness of current projects.”

TechWeekEurope has contacted Plenty of Fish to see whether the company has taken any action against the malvertising campaign, but had not received a response at the time of publication.

“[Plenty of Fish] need to ensure they are using a good ad server to manage their online advertising, vet the company and the provider to ensure it has a good reputation,” added James. “While also keeping the public informed of exactly what has and what is happening will help and offer some kind of credit monitoring service to anyone directly affected by the compromise. They should check their entire systems for any type of breach and continue to monitor it on a regular basis.”

Are you a security pro? Try our quiz!

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

Bitcoin Hits New High Over $107,000 On Trump Comments

Bitcoin surges more than 5 percent after Trump reaffirms plans for national strategic crypto reserve,…

3 mins ago

Ofcom Gives Tech Firms Three Months To Implement Content Controls

Ofcom publishes codes of practice for tech platforms to comply with Online Safety Act, with…

33 mins ago

Broadcom Value Jumps Over $1tn On AI Optimism

Broadcom stock price surges 24 percent after company predicts 'massive' opportunity from custom AI chips…

22 hours ago

BBC Complains To Apple Over Misleading AI-Generated Headlines

BBC complains to Apple over inaccurate AI-generated information in summaries of notifications from news apps,…

22 hours ago

Half Of Teens Online ‘Constantly’ Amidst Social Media Concern

Nearly half of US teenagers say they are online 'almost constantly', amidst concern over harmful…

23 hours ago