IE 11 is not supported. For an optimal experience visit our site on another browser.

Cyber Criminals Snap Up Expired Domains to Serve Malicious Ads

Users on the websites of the New York Times, Newsweek, BBC and AOL may have installed malware on their computers if they clicked on the malicious ads.
Cyber Attacks
Cyber Attack CrimeBill Hinton / Moment Editorial/Getty Images

Expired domain names are becoming the latest route for cyber criminals to find their way into the computers of unsuspecting users.

Cyber criminals launched a malicious advertising campaign this week targeting visitors of popular news and entertainment websites after gaining ownership of an expired web domain of an advertising company.

Users visiting the websites of the New York Times, Newsweek, BBC and AOL, among others, may have installed malware on their computers if they clicked on the malicious ads.

Bresntsmedia.com, the website used by hackers to serve up malware, expired on Jan. 1 and was registered again on March 6 by a different buyer, security researchers at Trustwave SpiderLabs wrote in a blog.

Read More: You Should Never Pay Ransomware Hackers, Security Experts Say

Buying the domain of a small but legitimate ad company provided the criminals with high quality traffic from popular web sites that publish their ads directly, or as affiliates of other ad networks, the researchers said.

New York Times spokesman Jordan Cohen said the company was investigating if the attack had any impact. "To be clear, this is impacting ads from third parties that are beyond our control."

Newsweek, BBC and AOL could not be immediately reached for comment.

The researchers also found two more expired "media"-related domains - envangmedia.comand markets.shangjiamedia.com- used by the same cyber criminals.

The people behind the campaign may be on keeping a watch for expired domains with the word "media" in them, they said.