Visitors to yet another dating site, Match.com, are at risk from malware which could steal personal information, send spam emails and operate silently on their devices without their consent.
Website visitors are also at risk from CryptoWall ransomware, a sophisticated Trojan that encrypts files on a user’s computer and holds them to ransom, according to Malwarebytes. CryptoWall directs victims to a site where they can pay to have the files on their computer decrypted. Users can be told to pay $500 in order to free their files.
Security experts explain what users should do, the possible implications and how Match.com should handle the situation:
Tim Erlin, Director of Security and Product Management at Tripwire says: “The distribution of malware through advertising networks isn’t new, but the consequences of being infected remain serious. Users can have their personal information copied, or their own data held for ransom, just for visiting a site that serves up a malicious advert.
The best protection from this kind of attack is to ensure your computer is up to date with security patches. Malware often exploits a known vulnerability for which patches exist, but haven’t been applied.”
Jonathan Sander, VP of Product Strategy at Lieberman Software adds: “The attack hitting Match.com users is a chain and the people in front of their computers are the weakest link. Unless their system is very old or badly configured, they will be asked if they will allow something to install at some point and they can stop all the damage by saying “no.” If you ask anyone as a hypothetical “would you say yes if a strange program asked you if it can install on your computer?” then they will say they would not. In reality, when little pop-ups appear most people simply hit “yes” to make them go away. Bad guys rely on that lack of security awareness. The best thing to protect people is not even allow them to install software by denying them the local administrative rights they need to do it. But users like to install their own screen savers and weather apps, and administrators don’t like being bothered by users for that small stuff. So security takes a back seat and malware keeps on spreading.”
Mark James, Security Specialist at IT Security Firm ESET says: “Shortened URLs are a problem for everyone these days. We always talk about checking any links you are about to press to ensure you’re not going to end up somewhere you should not. This is easier if you can read the whole link; when they are shortened or abbreviated it’s a whole new problem for users. Always, where possible, check the destination of any links before you commit to them.”
What should users of the site do to check if they have been affected by the malware?
“The first thing they need to do is ensure their internet security products, applications and operating systems are fully patched and up to date. As an average user, it’s your best protection. Next, go change your passwords NOW, not after dinner or tomorrow. Any passwords used on this site that happen to coincide with any passwords used on other sites should be changed immediately. Be on the lookout for emails or other means of communication that could come your way using data stolen as a result of this attack. Also, from now on make sure that every password you use is unique if this is not already the case.”
What will cybercriminals be able to do with the data they obtain?
“This data can and will be used for targeted phishing attacks; anything that can be used to "up" the trust level of any correspondence from them to you with a view of obtaining more data, including credit card details, will be top of their list. If they can fool you into thinking they are legitimately from your financial company then getting those details will be a whole lot easier. They could also directly use any information they manage to obtain to log into other sites that may include credit card related websites.”
How should Match.com handle this situation?
“It’s very important they manage their advertising networks correctly, with the increasing attention being directed to adverts and malware. Making sure we the users are protected from this avenue of attack is ultra important these days. Match.com need to keep their users up to date on what measures they are taking to protect their data and will need to offer some kind of credit protection for anyone involved in this breach.”
Insight from Dr David Chismon, Senior Researcher at MWR: “The reported malvertising attack through Match.com, and the choice of CryptoWall and Bedep payloads indicates that the attackers are interested in compromising consumers and individuals for data ransom purposes. However, users increasingly blur work and personal lives and people browsing Match.com from their work computer may lead to their corporate computer being infected and potential files on any mapped fileshares encrypted and ransomed. Furthermore, there is a risk that attackers discover they have compromised computers of note and sell that access onto attackers with more interest in information theft.
Users are recommended to ensure they are fully patched, however, the Angler exploit kit used is reported to sometimes use unpatched vulnerabilities (0-day). Organisations should therefore ensure they are applying defence in depth, such as using application whitelisting and only minimum privileges to conduct actions.”
UK's online daters could be the latest victims of cyber crime, after researchers discovered a malware attack aimed at Match.com's millions of users. The malicious content is being spread through adverts on the website in a "malvertising attack" which is reportedly targeting UK users in particular.
Adam Winn, senior manager, OPSWAT says: "The most vulnerable users are those who do not block ads, and have Flash set to autoplay. A vulnerability like this can strike anyway, no matter how safe their browsing habits or how well-patched their software is. Protection can be achieved with two simple techniques: Click to Play, and Ad Blocking. This combination of techniques is nearly bullet-proof against malvertising.
1) Click to Play: Set your browser to use Click to Play, which means no Flash/Java/Silverlight/etc. can launch unless the user explicitly requests it.
2) Ad blocking: While somewhat controversial, ad blocking is nonetheless an extremely effective way that users can protect themselves from malvertising. There are many competing alternatives for ad blocking, yet AdBlock remains the most popular.
Any average user can configure these two items in less than an hour, and rest assured that they will be nearly invulnerable to malvertising and many Flash/Java/Silverlight exploits in general."
Gavin Reid, VP of threat intelligence, Lancope, remarks: "It is important to not confuse the attack at Match with full site compromises like the recent hack of Ashley Madison. The information on this attack shows a much different issue of malvertising (ads that contain links to malware) being viewed on their website. Malvertising has plagued online websites, with almost all of the top 100 sites having hosted them at some time."
Simon Crosby, CTO and co-founder, Bromium offers his perspective: "If you use any online services whose data, if stolen and made public, could be used against you, then edit your profile now to include false information and a fake email address, or an alternative, randomised, non work email address from an online provider."