Ransomware drop exploits Adobe Flash and browser vulnerabilities.
A malvertising campaign running on Yahoo, Match.com and AOL is exposing visitors to CryptoWall ransomware, according to the security company Proofpoint.
The malicious adverts are said to exploit Adobe Flash and vulnerabilities in users’ browsers to silently deliver the malware, which locks up a victim’s computer and demands payment to release it.
Wayne Huang, VP of engineering at Proofpoint, said: "In the past few days, researchers at Proofpoint have detected numerous high-traffic websites hit by a malvertising campaign.
"These websites include various properties in the Yahoo, Match.com, and AOL domains, among others, potentially exposing as many as 3 million visitors per day and generating an estimated US$25,000 per day for the attackers."
He stressed that the affected sites were not in themselves compromised, and neither were the advertising networks operating on the site. Instead the fault was with the screening process used by the networks to accept adverts.
"While it could be argued that malvertising detection on the part of the website owners would have been part of a comprehensive brand protection strategy, ultimately the sites and the ad networks were victims of an organized campaign that exploits the nature of modern content delivery networks in order to deliver malware onto end-users’ computers," Huang added.
The advertising networks Rubin Project, Right Media (Yahoo Advertising), and Open X were identified by Proofpoint as having served malicious adverts, and are said to have taken steps to alleviate the problem.
Hackers were also said to have stolen images and advertising copy from legitimate brands such as Microsoft Bing, Fancy and Case Logic, potentially exposing those companies to reputational damage.