The Clearwater, Fla.-based security firm KnowBe4 has warned of a new breed of ransomware disguised as online advertisements. The phenomenon, dubbed "malvertizing," involves hackers who load poisoned ads onto Adspirit.de, a publishing network employed by websites such as Drudgereport.com and wunderground.com.
The malware-laced ads redirect to a Microsoft Azure website. Malvertizing has apparently spread to eBay, Yahoo and AOL.com – sites visited by millions of users – according to security researchers at MalwareBytes and SC Magazine.
KnowBe4 CEO Stu Sjouwerman said, "The same cybercrime lowlifes that infected the Yahoo website a few weeks ago have struck again, and were serving poisoned web ads which either dropped CryptoWall ransomware or infected the PC with adware."
Sjouwerman emphasized that most employees who browse the web during the day or over lunch do not understand the mechanics of modern ad networks. Once an ad network is subverted, hundreds of millions of poisoned ads display in real time, and many of these ads initiate a "drive-by attack," which occurs even if the user takes no action.
"The attack does a few redirects, kicks in a U.S. and Canada-focused exploit kit, which checks for vulnerabilities, usually in Flash, and infects the workstation literally in seconds," he said.
The malware is difficult to detect because it hides behind an SSL connection to Microsoft's Azure cloud, according to Sjouwerman.
Cybercriminals attempt to fool the ad network into thinking they are legitimate advertisers, and anyone who merely browses a page with a poisoned ad on it risks having their PC encrypted by ransomware. When this happens, it can cost an average of $500 to retrieve lost files.
Sjouwerman advises IT managers to warn their staff and help them understand how ad poisoning works. He offered the following protective steps:
1. Disable Adobe Flash on your computer, or at least set the Adobe Flash plug-in to "click-to-play" mode, which blocks the automatic infections.
2. Stay up to date with all security patches and install them as soon as they come out.
3. Download and install ad blocker plug-ins. This prevents ads from being displayed in a browser altogether. "These ad blockers are getting very popular; hundreds of millions of people use them," he noted.
Within an organization's network, Sjouwerman recommended either getting rid of Flash altogether, or deploying ad blockers using a group policy.
"There are free solutions such as Adblock Plus in Chrome, which work well and can help protect a network," he advised.
Malvertizing might impact ecommerce revenues as well. A study from Adobe and PageFair estimates the loss of global revenue due to blocked advertisements in 2015 at more than $21.8 billion, rising to $41.4 billion in 2016.