Major UK newspaper sites found to be hacked websites
Hackers have targeted the Guardian and two other major British news sites through ads and infected links which download malware (malicious software) to readers’ computers. In the Guardian’s case, malicious links were found, ironically, next to an old article from 2011 called “Cybercrime: is it out of control?” (Update: They have now cleaned that page of malware)
Websites Hacked with the Angler exploit. A particular nasty hacker infection!
The article in question automatically directed users to a landing page containing a notoriously effective exploit kit called Angler. An exploit kit is a package which contains a range of exploits for various known software vulnerabilities. This means that if Angler detects that the victim is running Java, then it can deploy a Java exploit. If the victim is running Internet Explorer, then it can deploy an Internet Explorer exploit. Similarly if the victim is running Flash, then a Flash exploit is deployed.The exploit kit was activated even if the user didn’t click on the affected link. This news follows the findings that lately two other UK news sites, The Independent and The Daily Mail, were also placed into the “hacked website” category when they were recently hit by similar attacks using the Angler exploit kit.
What do the hackers gain by hacking these websites ?
Hackers use automated tools to hack a large number of sites and use them to spread viruses to people’s phones and computers or even use them as part of a Blackhat SEO service they sell to boost other sites search engine rankings. Worse still, they could even rent your server out to be used by criminals for serving their own illegal content or images. Unfortunately the site’s owners very often don’t even notice what has happened to their site for months (unless it is a website takeover hack). This of course damages their web credibility and in worst case scenarios they get taken down by the hosting provide or blacklisted by Google. See this post for why would hackers hack my website
Times are changing
Ads on The Independent’s blog section had been activating the exploit kit, which took advantage of a known flaw in Adobe Flash Player to install “ransomware” on the user’s computer. Ransomware is malware which encrypts a user’s files and demands payment to unlock them again. The Independent told The BBC the affected section — which is hosted separately to its main site, independent.co.uk — was rarely visited and there was no suggestion any users were affected. Users were only vulnerable if they had an out-of-date version of Adobe Flash Player installed.
In October, “malvertising” was discovered on The Daily Mail website by MalwareBytes, which makes anti-malware products.
The Register calls Angler “the most capable and prolific exploit kit in use by criminals. It is often noted that Angler is responsible for 80 per cent of malicious traffic generated by exploit kits. There really is no such thing as a safe website anymore by default and website owners (even the big companies such as newspaper sites) need to ensure their websites are up to date on all software versions and are fully protected uses a firewall and security service such as SharkGate website protection.