Match.com Suspends UK Ads After Malware Attacks

As if trying to find romance wasn’t difficult enough, lately some online dating aficionados have had to contend with yet another challenge: malware.

See Also: Simplifying Microsoft Azure Deployments with Cloud-Friendly Security

The latest online dating site to be targeted by so-called “malvertising” attacks is the U.K. version of the popular Match.com (see Why Malvertising Attacks Won’t Stop).

In a Sept. 3 blog post, Jérôme Segura, a senior security researcher with security firm Malwarebytes, warned that Match.com’s advertising channel was being used to host the Angler Exploit Kit, a crimeware toolkit designed to exploit PCs by targeting unpatched flaws on those systems (see Hacking Team Zero-Day Attack Hits Flash). Segura said that he had alerted Match.com to the attacks.

The malvertising attack launched via Match.com follows attackers in August launching a similar attack via another U.K. dating site, Plenty of Fish, which reportedly sees visits from 3 million users per day and claims to be the world’s largest dating website and app. Match.com bought Plenty of Fish in July, and Segura says the two malvertising attacks appear to have been launched by the same group of attackers using many of the same techniques.

“This latest malvertising incident is the work of the same gang using Google shortened URLs leading to the Angler exploit kit,” he says. The Plenty of Fish malvertising attack, he adds, involved the otherwise legitimate ad.360yield.com network, and was serving the Tinbabanking Trojan.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s