The popular dating site Match.com has been displaying malvertisements on its UK version and is likely to infect over 5 million users in the United Kingdom. The malware is displayed through the advertisement banner on the website of the popular matchmaking site and is displayed only on the UK version of the website. Also, it is displayed on the website accessible through the URL shortener of Google.
The information about the vulnerability of the website to infect millions of users has been reported by BBC. The malware was detected by the internet security firm Malwarebytes. However, unlike the attack on the website of the most popular website in the world Ashley Madison, the attack on Match.com is not due to any security breach to the server.
The main server of Match.com has not been hacked and therefore the information of the users will not be compromised from the server side. However, the malicious advertisement displayed on the website banners has been specifically targeting users from UK and has been installing malware on those UK users who access the website through the shortened URL of Google.
The malware has the potential to infect the computers of the users and steal their sensitive information. It can also send spam emails to them and attack other computers on their network. The malware uses an exploit kit known as Angler to exploit the vulnerabilities of the system. The kit then installs Bedep Trojans which are ad fraud malware.
Malwarebyte has attempted to inform Match.com but the advertisements are still displayed on the website. The malware is using several routes to attack the users and it seems that Match.com is unable to control them. The malware is successfully able to exploit the bugs in Flash, Java and Adobe Reader.