Pierluigi Paganini September 04, 2015

Malwarebytes has uncovered a new malvertising campaign targeting the Match.com ‘s ad network which has been breached by a malware campaign.

Are you a UK single looking for love and passion? Be aware another threat is menacing dating communities, this time the popular dating web site Match.com and its  5.5 million British users suffered a Malvertising attack.

Match.com is a dating website for singles with 27.3 million site visitors worldwide every month, according to SimilarWeb, attacker carried out the malvertising campaign to serve the Bedep trojan. The users of the popular data website could be infected just by visiting the Match.com, the malvertising campaign could infect in this way their machine and steal personal information. Once infected a machine the attackers can also control it to impersonate the victim and send from its account email, as confirmed by the researchers from Malwarebytes.

“In an attack similar to the one that happened last month on PlentyOfFish, the UK version of online dating site Match.com was caught serving malvertising. Both companies are actually related since the Match Group bought out POF.com last summer. This latest malvertising incident is the work of the same gang using Google shortened URLs leading to the Angler exploit kit.” states a blog post published by Malwarebytes.

The infection flaw reported by the researchers at MalwareBytes is composed of the following steps:

• Initial URL: uk.match.com/search/advanced_search.php
• Malvertising: tags.mathtag.com/notify/js?exch={redacted}&price=0.361
• Malvertising: newimageschool.com/adframe/banners/serv.php?uid=215&bid=14&t=image&w=728&h=90
• Malicious Redirector: goo.gl/QU2x0w
• Exploit Kit (Angler): med.chiro582help.com/carry.shtm?{redacted}

Malvertising campaigns are very profitable for hackers as explained by Malwarebytes, once infected the PC, the attackers could also serve CryptoWall ransomware.

“The cost per thousand impressions (CPM) for the booby trapped ad was only 36 cents, which is nothing compared to how much infected computers can bring in terms of revenues. For instance, CryptoWall demands $500 per victim. We alerted Match.com and the related advertisers but the malvertising campaign is still ongoing via other routes.” said Jérôme Segura, senior security researcher at Malwarebytes.

A spokesperson for Match.com UK said:

“We take the security of our members very seriously. Earlier today we took the precautionary measure of temporarily suspending advertising on our UK site whilst we investigated a potential malware issue. Our security experts were able to identify and isolate the affected adverts, this does not represent a breach of our site or our users’ data.” “To date we have not received any reports from our users that they have been affected by these adverts. Nonetheless, we advise all users to protect themselves from this type of cyber-threat by updating their antivirus / anti malware software.”

This is the last attack against dating websites in order of time, a few weeks ago Ashley Madison suffered a major data breach, later visitors of the  PlentyOfFish portal were targeted and last week I reported a large-scale campaign conducted by alleged Russian hackers that hit a number of dating websites.

Pierluigi Paganini

(Security Affairs – Mach.com, malvertising)