Malvertising: Daily Mail ads 'briefly linked' to malware

Readers of the Daily Mail's website were shown fake advertisements that linked to malware, according to a security company.

It said bogus ads for shoes briefly appeared among the selection of banners displayed on DailyMail.com.

Instead of online shops, it said, the ads linked to malware that could expose computers to "ransomware".

Ransomware encrypts files on a victim's computer and asks for a payment to decrypt them again.

The practice is known as "malvertising".

Security company Malwarebytes said it had made the discovery last week and had published a report about its findings online, external.

A spokesman for the Daily Mail later said that it had not been contacted by Malwarebytes about its findings in advance.

However, the BBC has seen evidence that the security company did in fact try to contact the newspaper about the issue last Friday.

By Monday morning, the security company said that the fake ads had been removed.

Malwarebytes said the banners, purporting to be for an online shoe retailer, were published via a bogus ad server.

From there, they were said to have been distributed via an advertising network that presents ads to readers on the Daily Mail's website.

If a user clicked on one of the ads, said the security firm, they would be redirected to a well known piece of malware called the Angler Exploit Kit, which attacks vulnerabilities in Internet Explorer and Flash.

There are various ways to protect yourself from ransomware, according to Tony Berning, senior manager at software company Opswat.

"To protect against ransomware, users must back up their data regularly," he said.

"In addition to this, an important defence against ransomware is the use of anti-virus engines to scan for threats.

"With over 450,000 new threats emerging daily, anti-malware engines need to detect new threats continuously, and will inevitably address different threats at different times," Mr Berning said.