Independent blog site hit by malware


The Independent newspaper's blogging platform has been briefly compromised with malware that infects readers' computers, security experts have said.

Researchers from Trend Micro found blogs on the website had been modified to install malware known as Cryptesla on readers' devices.

The malware holds files on the host machine to ransom and demands a payment to restore them.

The Independent said it had removed all ads on the site while it investigated.

"It appears that an advert appearing on that blogsite may have included malware," said a spokesman for the newspaper.

"There is no suggestion or evidence that any of our users have been affected by this."

The spokesman said the site affected was an old or "legacy" system that was now rarely visited.

According to Trend Micro, the ransomware has been present on the Independent blogs website since at least 21 November.

"We reported it to them on Tuesday - but, as of today, it is still happening," said Raimund Genes, chief technical officer at Trend Micro.

"Now we need to go public to warn people who are not using security software like ours."

The malware exploits a security hole in Adobe Flash Player to install itself on a victim's computer.

Once downloaded, it sets about encrypting documents, rendering them useless without the key to decrypt them, for which it demands a ransom.

The vulnerability in Flash has since been patched, but anybody using an old version of the web browser plug-in could still be at risk.

"For a while on Tuesday, the malware didn't trigger. But that was not the Independent solving it, it was the attackers updating the malware with a new version," said Mr Genes.

"My advice is to update your Flash Player. Always do it immediately when it says an update is available, because Flash remains one of the main ways attackers can compromise a system."

The spokesperson added that the media group was now looking into the incident.

"We are currently investigating third-party advertising suppliers that are used by our externally hosted blog platform Independent blogs, which is a separate entity to independent.co.uk," they said.

"Less than 0.2% of the Independent digital audience visited this separate, legacy blogsite in the entire month of November," the spokesman added.

More and more cyber criminals are seeking to subvert adverts in a bid to catch out visitors to popular sites.

This so-called malvertising has been found in many other places. Other newspapers as well as streaming sites and porn hosts have all briefly hosted booby-trapped ads.