From Techtalk at PCPitstop: Weather.com and Drudge Report (to name just two) sites with millions of visitors were serving up ads with CryptoWall ransomeware, or infected adware on PCs.
“Once an ad network is subverted, hundreds of millions of poisoned ads are displayed in real-time. Many of these ads initiate a drive-by attack without the user having to do anything. The attack does a few redirects, kicks in a U.S. and Canada-focused Exploit Kit which checks for vulnerabilities (usually in Flash) and infects the workstation literally in seconds.” – PCPitstop
So what should you do?
So here are a few things you can do about this.
First, disable Adobe Flash on your computer - or at least set the Adobe Flash plug-in to "click-to-play" mode - which blocks the automatic infections.
Second, keep up-to-date with all the security patches and install them as soon as they come out.
Third, download and install Ad Blocker plug-ins for your browser, these prevent the ads from being displayed in your browser to start with. These ad blockers are getting very popular, hundreds of millions of people use them.
In a network, you could decide for two things:
1) Get rid of Flash all together, we see this happen a lot, or
2) deploy ad blockers using group policy, here is a forum post at the AdBlockPlus site where it is explained how this can be done. I use Adblock Plus in Chrome and am a happy camper. Link: https://adblockplus.org/forum/viewtopic.php?t=29880
NoScripts is also good, but honestly…it’s time to kiss Adobe Flash goodbye, as I’ve said before.
*My thanks to teddybearcholla for sending me this!