If you have visited Huffington Post’s website in the last week you may want to scan your computer, if you can even use it.
Cyber security firm Cyphort announced they found a cyber-attack and extortion campaign being run through the popular news website. This attack, which spanned from December 31st to January 5th, came from malware-laced advertisements that lock computers when infected. Several major websites were vulnerable to this, but Huffington Post is the largest of them all.
Hackers are always trying to find new ways to infect computers, but infecting computers was not all these hackers were trying to accomplish. They are also demanding money in exchange for unlocking the infected computer.
The attack looks to have only affected Windows PC’s with outdated browsers, especially Internet Explorer 8. Even though this browser is out of date, it currently is the most used version of Microsoft’s flagship browser. Outdated browsers act as an open door for an attack because Cyphort found visiting the website alone was enough for malware to infect the visitor’s computer. As soon as the ad appeared on the site, the attack was put into action. People didn’t even have to click on anything to be infected. Modern browsers including IE 11, Google Chrome, and Mozilla’s latest browser release are not vulnerable to the attack.
The malware is called Kovter which is a nasty strain of so-called ransom ware. After the computer is infected, the computer shuts off access to the keyboard and mouse. The screen is then taken over with a message claiming to be from law enforcement. The message from “law enforcement” informs the user they are in violation of looking at child pornography and need to pay a fine of $300. Most people should know this is a scam because the fine is only payable through pre-paid MasterCard and Visa cards from MoneyPak.
AOL, who owns Huffington post, said they quickly took necessary steps to correct the problem and are “committed to bringing new levels of transparency to the advertising process, ensuring ads uphold quality standards and create positive consumer experiences.” AOL does not know how many people were infected by this attack.
If you think your computer may have been exposed to this attack or want to make sure your computer is clean, let RedOrum check your computer for you. Click here to view our computer diagnostic special which will make sure your computer is happy and healthy for the new year ahead.