GoDaddy Sites Hijacked By Malvertising Attack

Visitors to the website of two US TV stations were unwittingly subjected to malvertising attacks that could have infected their PCs with dangerous malware and could affect other sites hosted with hosting provider GoDaddy.

Malwarebytes detected that two CBS-affiliated stations using GoDaddy website accounts were compromised in the attack, which was caused by the well-known Angler exploit kit.

And the security firm has now warned that many other GoDaddy users could also be at risk from having their accounts hijacked due to weak passwords.

Tuned in

The two affected stations were named by Malwarebytes as KMOV in St. Louis and WBTV in Charlotte, North Carolina. Both used Taggify and GoDaddy domains, which were hijacked to create various subdomains pointing to malicious servers which host malware.

These subdomains, which hosted the advertising content, were able to switch between a ‘clean’ version of the site and an infected version where users visiting the site were shown malicious ads.

A ‘rogue advertiser’ is suspected as being the culprit, Malwarebytes says, having subverted the Taggify self-serve ad platform to put unsuspecting viewers at risk.

The company has warned that under-strength passwords could pose a risk to many other users too.

“GoDaddy is one of the world’s largest registrars and, as such, it will experience many attacks against its platform across the globe”, Malwarebytes’ Jérôme Segura told TechWeekEurope.

“However, the weakness comes from website owners who have chosen poor passwords or have had their machines compromised.

“Trojans will harvest passwords stored in FTP clients or other software used to administer a site. Without the owner’s knowledge, attackers now possess the credentials to alter a site’s settings allowing them to make DNS changes, add subdomains, and so on.”

GoDaddy has been hit by major attacks before, most notably in 2012, when hackers affiliated to Anonymous took down the company’s entire operation, meaning millions of customers were left without access for several hours.

Malvertising has also become a growing threat in the online security space as hackers look for ever more ways to attack unsuspecting users, with previous Malwarebytes research finding that the UK is the world’s third-largest market for malvertising infections, behind only the US and Canada.

In March, major online publishers including the BBC, AOL and MSN were hit by an attack that installed potentially harmful adverts that could install ransomware or other malware on unsuspecting users’ devices if clicked on.

TechWeekEurope has contacted GoDaddy.

What do you know about Internet security? Find out with our quiz!