Financial scammers are infecting ads on Google’s ad network, and people who visit Examiner.com are at risk. These infected ads look legit, but they use Flash-based redirection to install malware and steal financial information. And you don’t even have to click on them to get infected with Zbot, the banking trojan that takes financial data.
You just have to visit the page and have Flash enabled. (Update: Looks like it’s Cryptowall, a ransomware that encrypts files and then only decrypts them if you pay up.)
This is a good time to remind you to disable Flash. This recent spate of attacks makes it clear that it’s too easy to exploit (this’ll also give you the added benefit of saving battery on your laptop).
Disabling Flash is not hard. For Chrome, go to Settings and click on Show Advanced Settings. Then click Content Settings under the Privacy tab. A pop-up window will appear. Under Plug-ins, choose Click to Play.
If you use Firefox, I recommend installing an add-on called FlashDisable that makes it easy to turn it on when you want to watch a YouTube video and turn it off when you’re just browsing around. Flashblock works, too.
If you are using Safari or Internet Explorer, I am confused by your life choices. But whatever you use, don’t allow Flash to automatically play everything in your browser. Malewarebytes’ senior security researcher Jerome Segura suggested that this kind of attack is likely to continue. “The lines between malvertising and exploit kits are getting blurry,” he said. And with Flash as the delivery tool for those exploit kits, it’s well worth taking the time to change your settings.