So how do cyber criminals spread Angler so that Internet users like you and me get infected?
Attackers rely on 3 major tactics to reach as many PCs as they can:
Malvertising
Malicious iFrames
Malicious code injection.
Malvertising is when cyber criminals use online advertising to distribute malware. They infiltrate content distribution networks that are in charge of deploying online advertisements on websites. The servers that do this work are usually quite vulnerable, so it’s not a challenge for attackers to get in.
Once they’re in, they can infect all the banners in the network with malicious code, in this case, redirects that lead to Angler landing pages. So websites as big as The Huffington Post, Mashable or others could be endangering their visitors without knowing it.
By using malvertising, cyber criminals can reach a huge number of Internet users at once. We’re talking millions!
And there’s another way that Angler can get into your system: iFrames. An iFrame is a way to insert content from another website into the website you’re visiting. So you could be reading an article on The New York Times and the page could host malicious content from another website. This type of malicious content will also redirect users to Angler exploit kit pages, where the infection will be triggered.
Of course, there’s also the situation in which attackers choose to inject malicious code into various websites. This code will also feed traffic to the web pages created to spread Angler and the consequent malware infections.
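For site owners, one way to spot unexpected iFrames or injected scripts is to list every embed that loads from a host you have not approved. The sketch below is an added example, not part of the original article: the hostnames, the allowlist and the sample page are constructed, and the "hidden" heuristic (zero or one pixel size, or CSS hiding) is an assumption, not something the article describes.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample page: one approved ad frame, one unknown hidden frame,
# one local script and one unknown protocol-relative script.
PAGE_URL = "https://news.example/article"
SAMPLE = """<html><body>
<script src="/js/app.js"></script>
<iframe src="https://ads.example/banner?id=1" width="300" height="250"></iframe>
<iframe src="https://cdn-unknown.example/lp" width="0" height="0" style="display: none"></iframe>
<script src="//tracker.test/t.js"></script>
</body></html>"""

class EmbedAuditor(HTMLParser):
    """Collects iframe/script sources whose host is not on the allowlist."""

    def __init__(self, page_url, allowed_hosts):
        super().__init__()
        self.page_url = page_url
        # The page's own host is always allowed.
        self.allowed = {urlparse(page_url).hostname} | set(allowed_hosts)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "script"):
            return
        a = dict(attrs)
        src = a.get("src")
        if not src:
            return  # inline script or empty frame: nothing to resolve
        # Resolve relative and protocol-relative URLs against the page URL.
        host = urlparse(urljoin(self.page_url, src)).hostname
        if host is None or host in self.allowed:
            return  # sources without a host (e.g. data:) are not reported here
        style = (a.get("style") or "").replace(" ", "").lower()
        # Assumed heuristic: frames a visitor cannot see deserve a closer look.
        hidden = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                  or "display:none" in style or "visibility:hidden" in style)
        self.findings.append({"tag": tag, "host": host, "hidden": hidden})

def audit(html, page_url, allowed_hosts=()):
    """Return a list of embeds that load from hosts outside the allowlist."""
    parser = EmbedAuditor(page_url, allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, PAGE_URL, {"ads.example"}):
        print(finding)
```

Run against a saved copy of your own pages on a schedule, a new entry in the output means an embed appeared that nobody approved.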
All 3 of these tactics rely on leveraging the trust that visitors have in big websites. Cyber criminals also combine this trust factor with the exploit kit’s ability to remain undetected while the infection takes place. It’s a dreadful combination that fools too many victims who are very often unaware that such dangers even exist.