Malvertising on YouTube is the latest threat vector being used to spread CryptoLocker and its variant CryptoWall
VirusBulletin reported that cyber criminals are now spreading CryptoLocker / CryptoWall via YouTube. Malware researchers Vadim Kotov and Rahul Kashyap discovered that cyber criminals were purchasing advertising space on YouTube and then using exploit kits to infect workstations. YouTube ad space turns out to be a cheap and efficient way to spread browser malware while using its powerful geo-targeting features.
According to KnowBe4 CEO Stu Sjouwerman, “Clicking on a thumbnail after the first video causes a redirect, kicks in an exploit, which in turn looks for an unpatched hole and executes the ransomware. The user files are then locked with a $500 ransom fee.” Sjouwerman continued, “Unfortunately, this is a highly profitable criminal business model. Research shows there is very little advertising networks can do to prevent the attacks.”
Spreading malware via ad-networks in itself is nothing new. These types of attacks are reminiscent of 2010’s scareware with “Free Security Scans” that found a host of supposed problems and forced users to buy a bogus antivirus program to get their computer to run properly. Some of these gangs now have moved on to more lucrative ransomware.
Cybercriminals have also taken to combining malware to create new ransomware menaces, making it even harder for IT managers to safeguard their networks. Recent combinations include the despised Reveton “police” lock screen, which, when added to the Pony and Papras password stealers, makes a much more dangerous threat.
Sjouwerman (pronounced “shower-man”) advocates the increased use of best practices to offset the increased threats. “It is important to patch end-user workstations as soon as possible. You might also consider either blocking YouTube at the edge, and/or deploying ad blockers in your Internet filter or as browser plug-ins, and of course, you guessed it, educate your users with effective training like Kevin Mitnick Security Awareness Training. After all, we are the only company that offers a ransomware guarantee to pay your crypto-ransom if you get hit with ransomware while you are a customer.” For more information visit www.KnowBe4.com.
About Stu Sjouwerman And KnowBe4
Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, LLC, which provides web-based Security Awareness Training (employee security education and behavior management) to small and medium-sized enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced security awareness training. KnowBe4 services hundreds of customers in a variety of industries, including highly-regulated fields such as healthcare, finance and insurance and is experiencing explosive growth with a surge of 427% in 2013 alone. Sjouwerman is the author of four books, with his latest being Cyberheist: The Biggest Financial Threat Facing American Businesses.
About Kevin Mitnick
Kevin Mitnick is an internationally recognized computer security expert with extensive experience in exposing the vulnerabilities of complex operating systems and telecommunications devices. He gained notoriety as a highly skilled hacker who penetrated some of the most resilient computer systems ever developed. Today, Mitnick is renowned as an information security consultant and speaker, and has authored three books, including The New York Times best seller Ghost in the Wires. His latest endeavor is a collaboration with KnowBe4, LLC.