Readers of a number of popular sites including Huffington Post, LA Weekly, FHM and Gamezone.com got a nasty surprise this week when ads loaded malware onto their computers.
Computer security firm Cyphort noticed that HuffingtonPost.com was infected with so-called malvertising over the weekend. The malicious ads were served through the AOL ad network advertsing.com.
Within days, Cyphort identified more than a dozen other sites that also contained ads from the network that installed a Trojan onto readers' computers. The attack redirected to a series of sites, including several Polish domains, before landing on a page that loaded the malware, locking users out of their machines.
The Trojan in this case is what's known as ransomware, because it effectively holds your files hostage until you pay the attackers to release them. A user doesn't have to click on infected ads for the software to take over.
It is unknown how many computers were affected, and the attack appears to have only affected Windows computers running older versions of Internet Explorer, according to CNN.com.
In a blog post, Cyphort director of security research Nick Bilogorskiy said that this type of "drive-by" malware infection increased last year and "presents a significant cybersecurity challenge in 2015."