UK Match.com site hit by malicious adverts

  • Published
Screengrab of UK Match.com websiteImage source, Match.com
Image caption,

Anyone caught out by the adverts could find data is held to ransom

Malicious adverts have been found on the UK version of the Match.com dating website.

Anyone caught out by the booby-trapped ads could fall victim to ransomware, said security company Malwarebytes, which spotted the cyber-threat.

The malicious ads appeared on pages of the dating site via an ad network that pipes content to Match and many other places.

Match briefly suspended adverts on the UK site while it investigated.

"We take the security of our members very seriously indeed," it said in a statement. "Our security experts were able to identify and isolate the affected adverts, this does not represent a breach of our site or our users' data," it added.

Ad monitoring

The attack worked by redirecting people who click on one of the adverts through a series of links to a site that is seeded with code that checks to see if a visitor is running outdated versions of widely used software.

Bugs in the versions of Flash, Java, Adobe Reader and Silverlight used in browsers were all being exploited by the malicious code, said Malwarebytes.

Once a machine was compromised it could be hit by one of several different attacks, it said.

These could include falling victim to a virus that encrypts data. It is only decrypted if a victim pays a ransom of several hundred dollars or euros.

Another attack involves a trojan that tries to steal login names and passwords for online bank accounts.

Malwarebytes said it was not yet clear how many people had fallen victim to the malicious adverts, because the booby-trapped ads were served via a network that provided content to lots of different sites.

A Match.com spokesperson said it had no reports that any users had been caught out but it advised people to make sure security software was up to date to ensure they stayed well protected.

A spokesman for Malwarebytes said cyber thieves were increasingly turning to ad-based campaigns to find victims.

"We're seeing these types of attacks happen more and more," they said. "Companies should always have effective measures in place to monitor for these malicious ads."

Match.com's sister site Plenty of Fish was hit by a similar ad-based attack in late August.