Match.com users at risk from CryptoWall ransomware
Dating site users could be compromised by malvertising, warns Malwarebytes
The UK version of dating website Match.com has been compromised by malware propagated by adverts that could potentially be used to steal the data of hundreds of thousands of users.
The security threat was discovered by researchers at Malwarebytes and could subject compromised Match users to ransomware, requiring them to pay a fee to cyber criminals in order to regain control of their computer.
Security researchers discovered Match.com served malvertising, directing users clicking on the adverts to a shortened Goo.gl URL, which loads the Angler exploit kit onto the compromised machine.
The Angler exploit kit is known to serve the Bedep ad-fraud Trojan, as well as CryptoWall ransomware, which demands $500 from the victim for the key to decrypt their files. The same exploit was previously used by the same gang to target PlentyOfFish, another dating website in the Match group.
A statement from Match.com attempted to reassure users that the website is doing all it can to ensure that they aren't compromised by security threats.
"We take the security of our members very seriously. Earlier today, we took the precautionary measure of temporarily suspending advertising on our UK site, while we investigated a potential malware issue. Our security experts were able to identify and isolate the affected adverts. This does not represent a breach of our site or our users' data," it said.
According to Match.com, no users have actually been compromised, but the dating website urged users to take precautions.
"To date we have not received any reports from our users that they have been affected by these adverts. Nonetheless, we advise all users to protect themselves from this type of cyber-threat by updating their anti-virus [and] anti-malware software."
Tim Erlin, director of security and product management at Tripwire, warned that users falling victim to malvertising risk having their personal data stolen.
"The distribution of malware through advertising networks isn't new, but the consequences of being infected remain serious. Users can have their personal information copied, or their own data held for ransom, just for visiting a site that serves up a malicious advert," he said.
"The best protection from this kind of attack is to ensure your computer is up to date with security patches. Malware often exploits a known vulnerability for which patches exist, but haven't been applied," Erlin added.
Mark James, security specialist at IT security firm ESET, argued that the best form of defence against malvertising is to not blindly click on links, but to take the time to ensure that the link is legitimate.
"Shortened URLs are a problem for everyone these days. We always talk about checking any links you are about to press to ensure you're not going to end up somewhere you should not. This is easier if you can read the whole link, when they are shortened or abbreviated it's a whole new problem for users," he said.
"Always, where possible, check the destination of any links before you commit to them," James added.