Dating website Match.com has suspended advertising on its UK site after security firm Malwarebytes uncovered a potential malware attack on its advertising networks.
Match.com said in a statement to V3 that the company has taken “the precautionary measure of temporarily suspending advertising” while it investigates the problems.
“Our security experts were able to identify and isolate the affected adverts; this does not represent a breach of our site or our users’ data,” the statement reads.
“To date we have not received any reports from our users that they have been affected by these adverts. Nonetheless, we advise all users to protect themselves from this type of cyber threat by updating their antivirus/anti-malware software.”
V3 understands that the advertising on Match.com is provided by partners and that the malware incident is not being viewed as a breach of individual user data.
The statement comes after Malwarebytes revealed that Match.com’s ad network had been breached by a malware campaign that could affect millions of UK visiters in yet another attack on a dating website after the Ashley Madison hack and data leak.
The breach exploits shortened Google URLs in order to install the Angler exploit kit and inject trojan viruses through ads on the site.
Malwarebytes also revealed that the attack used CryptoWall ransomware to lock down computer systems until the victim pays a sum of money for the files to be unencrypted.
Jérôme Segura, senior security researcher at Malwarebytes, warned that the group behind the malware appears to be well organised and should be of concern to businesses.
“We have been tracking a large but stealthy malvertising campaign that used many different layers to hide from security researchers but also ad networks themselves,” he told V3.
“The group behind it is well experienced and has been able to fool several ad exchanges while diverting traffic to the Angler exploit kit, resulting in malware infections.”
Segura explained that people with outdated or unpatched computer systems are at greater increased risk of infection.
“Users with outdated browsing software or a plugin such as Flash, Silverlight, Reader or Java on their computers do not even have to click on one of the dodgy ads on the network. The malware simply silently loads, locks files on the computer and a few minutes later a message demanding the ransom is sent,” he said.
“We alerted Match.com and the related advertisers, but the malvertising campaign is still ongoing via other routes.”
Website statistics show that Match.com has 27 million visitors a month worldwide with up to 5.5 million of them in the UK.
The news follows the discovery in August by Malwarebytes of a similar attack on Match.com’s UK sister site PlentyOfFish, which draws in over three million daily users.
The attack on Match.com follows the hack on adultery website Ashley Madison in which 37 million customer records were released online by a hacking collective known as Impact Team.
The fallout from the Ashley Madison attack, which has claimed the job of Ashley Madison CEO Noel Biderman, continues to surprise as security researchers pore over the 30GB of internal emails and website source code.