GoDaddy Sites Hijacked By Malvertising Attack

Visitors to the website of two US TV stations were unwittingly subjected to malvertising attacks that could have infected their PCs with dangerous malware and could affect other sites hosted with hosting provider GoDaddy.

Malwarebytes detected that two CBS-affiliated stations using GoDaddy website accounts were compromised in the attack, which was caused by the well-known Angler exploit kit.

And the security firm has now warned that many other GoDaddy users could also be at risk from having their accounts hijacked due to weak passwords.

Tuned in

The two affected stations were named by Malwarebytes as KMOV in St. Louis and WBTV in Charlotte, North Carolina. Both used Taggify and GoDaddy domains, which were hijacked to create various subdomains pointing to malicious servers which host malware.

These subdomains, which hosted the advertising content, were able to switch between a ‘clean’ version of the site and an infected version where users visiting the site were shown malicious ads.

A ‘rogue advertiser’ is suspected as being the culprit, Malwarebytes says, having subverted the Taggify self-serve ad platform to put unsuspecting viewers at risk.

The company has warned that under-strength passwords could pose a risk to many other users too.

“GoDaddy is one of the world’s largest registrars and, as such, it will experience many attacks against its platform across the globe”, Malwarebytes’ Jérôme Segura told TechWeekEurope.

“However, the weakness comes from website owners who have chosen poor passwords or have had their machines compromised.

“Trojans will harvest passwords stored in FTP clients or other software used to administer a site. Without the owner’s knowledge, attackers now possess the credentials to alter a site’s settings allowing them to make DNS changes, add subdomains, and so on.”

GoDaddy has been hit by major attacks before, most notably in 2012, when hackers affiliated to Anonymous took down the company’s entire operation, meaning millions of customers were left without access for several hours.

Malvertising has also become a growing threat in the online security space as hackers look for ever more ways to attack unsuspecting users, with previous Malwarebytes research finding that the UK is the world’s third-largest market for malvertising infections, behind only the US and Canada.

In March, major online publishers including the BBC, AOL and MSN were hit by an attack that installed potentially harmful adverts that could install ransomware or other malware on unsuspecting users’ devices if clicked on.

TechWeekEurope has contacted GoDaddy.

What do you know about Internet security? Find out with our quiz!

Mike Moore

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.

Recent Posts

Northvolt Mulls US Bankruptcy Protection – Report

Troubled battery maker Northvolt reportedly considers Chapter 11 bankruptcy protection in the United States as…

2 days ago

FTC Plans Investigation Into Microsoft Cloud Business – Report

Microsoft's cloud business practices are reportedly facing a potential anti-competitive investigation by the FTC

2 days ago

Programmer Sentenced To Five Years In Prison For Bitcoin Laundering

Ilya Lichtenstein sentenced to five years in prison for hacking into a virtual currency exchange…

2 days ago

Hate Speech Watchdog CCDH To Quit Musk’s X

Target for Elon Musk's lawsuit, hate speech watchdog CCDH, announces its decision to quit X…

3 days ago

Meta Fined €798m Over Alleged Facebook Marketplace Violations

Antitrust penalty. European Commission fines Meta a hefty €798m ($843m) for tying Facebook Marketplace to…

3 days ago

Elon Musk Rebuked By Italian President Over Migration Tweets

Elon Musk continues to provoke the ire of various leaders around the world with his…

3 days ago