New Cryptolocker, Locky Ransomware Installers Can Infect Computers Without Users Clicking Anything, Say Researchers
“Up till now most ransomware seen required a person to interact with it to infect the system,”
According to Malwarebytes research, this particular attack was unique in that it used video ads to distribute its cocktail of malware, which included classic ransomware such as Cryptolocker, TeslaCrypt and Locky. Users didn’t need to click on the ad at all. Once the page loaded, the video began a drive-by malware installation on victims’ computers.
“We see a rise in attacks every weekend,” but this was really out of the ordinary in terms of the numbers of publishers that were affected and the ad networks that were involved.
By using a sophisticated and unusual method of infection that went undetected even by Google ad networks, the campaign had widespread reach. Below are some of the sites that were infected and pushing out the virus when visited. They have since been cleaned, but rest assured they will show up even more.
Malwarebytes list of online publishers targeted in March video malware campaign.
“The ads that were infected were video ads, which is why they made it through.”
How to protect yourself.
Make sure you have antivirus installed.
As always, don’t open suspicious attachments (e.g. .doc, .xls, and .zip files).
Keep recent backup copies of important data in a secure place either online or offline.