Math.com, a website that helps people find the perfect “match” has recently been attacked with so-called “malvertising.” Only the United Kingdom version of Match.com so far has been hit with “malvertising.” Senior security researcher at Malwarebytes, Jérôme Segura told Match.com’s advertising about the malware. He told them that their channel was used to host a crimeware toolkit called Angler Exploit Kit (AEK). AEK is used to exploit a person’s PC by finding unpatched flaws on the PC. The Angler Exploit Kit is also known to be linked with Bedep ad fraud Trojan as well as CryptoWall ransomware. The same malvertising attacked another site called Plenty of Fish, which is owned by Match.com. The malvertising works by disguising as a regular ad on Match.com, and when a user clicks the ad, it installs malware onto the user’s PC or mobile device.
After being alerting of these attacks, UK’s Match.com has suspended all advertisements on their site and app until the issue is resolved. A spokeswoman of Match.com said, “We advise all users to protect themselves from this type of cyber-threat by updating their anti-virus/anti-malware software.” The attack did not lose Match.com much money, because the CPM or cost per thousand impressions was only 36 cents. What this means is that for every 1000 computers or other devices shown the ad, the malware ad was only 36 cents.
Many companies are now trying to find and report ransomware like the one that has attacked Match.com. Ransomware can be distributed in many forms such as, phishing emails, exploit kits, spam, and malvertising. Ransomware can lock up an infected computer and steal a users personal information and demand a ransom to get their information back, thus the name. Match.com is yet to fix this issue and is continuing to try to do so.
Author: Matthew J. Schwartz
By: Niccolo Dechicchio