Malware attacks hit Match.com UK site

Security researchers have discovered malicious adverts on the UK version of dating site Match.com.  Malwarebytes, which found the cyber-threat, said that anyone caught by the ads could fall victim to ransomware.

Malicious ads were appearing on pages of the site via an ad network that passes content to Match.com and other places, redirecting those who click on the adverts through a series of links to a site embedded with code that checks if a visitor is running outdated versions of commonly-used software.

Bugs in the versions of Flash, Java, Adobe Reader and Silverlight used in browsers were all being exploited by the malicious code. Once compromised, the machine could be hit by one of several different attacks. The servers themselves have not been breached.

The assault against users of Match.com is basically geared toward variants of the CryptoWall ransomware and the Bedep ad fraud Trojan.

Malwarebytes said it was unclear as to how many people fell victim to the malicious adverts since the booby-trapped ads were served through a network that provided content to many sites.

Match knew about the ads and is investigating the issue and working to clean up the site's feed. “We take the security of our members very seriously indeed,” said a spokesperson for Match.com.

David Kennerley, senior manager for threat research at Webroot commented, “Malvertising is becoming a go-to method for fraudsters, with Yahoo! and Australian operator Telstra also falling foul last month. Money is the primary motivation for attacks of this nature and often these malicious ads are for additional attacks.”

Update:

A spokesperson for Match.com UK said:

“We take the security of our members very seriously. Earlier today we took the precautionary measure of temporarily suspending advertising on our UK site whilst we investigated a potential malware issue. Our security experts were able to identify and isolate the affected adverts, this does not represent a breach of our site or our users' data.

“To date we have not received any reports from our users that they have been affected by these adverts. Nonetheless, we advise all users to protect themselves from this type of cyber-threat by updating their antivirus / anti malware software.”


Sign up to our newsletters