Match.com suspends all UK ads after malware warning

04/09/2015

Malicious adverts have been found on the UK version of the online dating website Match.com, leaving users vulnerable to computer viruses.

match.jpg

Match briefly suspended adverts on the UK site while it investigated.

the issue that put online daters at risk of theft of personal information and cyber ransom.

"We take the security of our members very seriously indeed," it said in a statement. "Our security experts were able to identify and isolate the affected adverts, this does not represent a breach of our site or our users' data," it added.

The attack worked by redirecting people who click on one of the adverts through a series of links to a site that is seeded with code that checks to see if a visitor is running outdated versions of widely used software.

Bugs in the versions of Flash, Java, Adobe Reader and Silverlight used in browsers were all being exploited by the malicious code, said Malwarebytes.

Once a machine was compromised it could be hit by one of several different attacks, it said.
These could include falling victim to a virus that encrypts data. It is only decrypted if a victim pays a ransom of several hundred dollars or euros.

Another attack involves a trojan that tries to steal login names and passwords for online bank accounts.

Malwarebytes said it was not yet clear how many people had fallen victim to the malicious adverts, because the booby-trapped ads were served via a network that provided content to lots of different sites.

A Match.com spokesperson said it had no reports that any users had been caught out but it advised people to make

Analysis

Several security experts have commented on the issue.

Adam Winn, senior manager, OPSWAT, said: "The most vulnerable users are those who do not block ads, and have Flash set to autoplay. A vulnerability like this can strike anyway, no matter how safe their browsing habits or how well-patched their software is. Protection can be achieved with two simple techniques: Click to Play, and Ad Blocking. This combination of techniques is nearly bullet-proof against malvertising.

1) Click to Play: Set your browser to use Click to Play, which means no Flash/Java/Silverlight/etc. can launch unless the user explicitly requests it.

2) Ad blocking: While somewhat controversial, ad blocking is nonetheless an extremely effective way that users can protect themselves from malvertising. There are many competing alternatives for ad blocking, yet AdBlock remains the most popular.

Any average user can configure these two items in less than an hour, and rest assured that they will be nearly invulnerable to malvertising and many Flash/Java/Silverlight exploits in general."

Gavin Reid, VP of threat intelligence, Lancope, added: "It is important to not confuse the attack at Match with full site compromises like the recent hack of Ashley Madison. The information on this attack shows a much different issue of malvertising (ads that contain links to malware) being viewed on their website. Malverstising has plagued online websites, with almost all of the top 100 sites having hosted them at some time."

Simon Crosby, CTO and co-founder, Bromium, said: "If you use any online services whose data, if stolen and made public, could be used against you, then edit your profile now to include false information and a fake email address, or an alternative, randomised, non work email address from an online provider."

<< Back to today’s Digital Intelligence news

Copyright ©2000-2019 Digital Strategy Consulting Limited | All rights reserved | This material is for your personal use only | Using this site constitutes acceptance of our user agreement and privacy policy