Alexa metrics
Live Chat

Welcome to UKFast, do you have a question? Our hosting experts have the answers.

Chat Now
Sarah UKFast | Account Manager

The Malware Angling for your Details

16 March 2016 by Jenn Granger

Several major websites, including and the New York Times, have been foxed by fake ads, which have the potential to lead billions of users to websites containing ransomware and other badness. The attackers have been demanding payment from users to get their files back. Here’s what happened, and how you can help guard against similar situations in the future.Angler malware

Malicious ads have been showing up on popular websites including MSN,, the New York Times, AOL and Newsweek.

Clicking on the ads sends you straight up the garden path, redirecting you to an Angler exploit kit which then prods about in your devices for weak spots, with the aim of infecting your system with Trojans or ransomware that encrypts all your data and demands money in exchange for the decryption key.

The attacks, which only affect Windows users and mostly US-based ones at that, have been asking for payments ranging from a few hundred dollars to thousands.

It’s looking likely that the ads were approved by the sites in the first place because they arrived under the domain name of a trusted company. It could happen if an ad company – let’s call them Ad – didn’t renew its ‘’ domain after its registration was up. The attackers could then re-register themselves when it expired in order to capitalise on the fact that people recognise and trust the name, in order to get them to use their ads on their website.

It’s raised some legit questions about where the malware has come from and whether there could be a new trend of domain stalking about to kick off, with attackers taking over trusted domains when they reach their expiration date.

“This provides them with high quality traffic from popular websites that publish their ads directly,” wrote Trustwave’s ethical hacking company, SpiderLabs, in a blog post. This means that attackers get a rich vein of potential victims coming straight into their sticky web of horror.

You can help to protect your domain – and yourself – from such an exploit by setting it to auto-renew via MyUKFast!

Renew or register domains with UKFast on our website or through your MyUKFast client portal.