Recurring |
one_organization, multiple_organization |
(a) The software failure incident related to malware-laced advertisements infecting computers and locking them down has happened again at AOL. The incident involved malicious ads served by AOL's network, affecting various websites including The Huffington Post, FHM, LA Weekly, Houston Press, GameZone, and others [32679].
(b) The software failure incident of malvertising, specifically the distribution of malware through online ads, has also affected multiple organizations beyond AOL. This incident is a form of malvertising that is becoming a growing problem in the online advertising industry, with criminals using legitimate-looking ads to distribute malware to unsuspecting users [32679]. |
Phase (Design/Operation) |
design, operation |
(a) The software failure incident related to the design phase can be attributed to the malvertising attack that infected computers through malicious advertisements served by AOL's network. The malware-laced ads were able to bypass security measures and infect computers running outdated browsers like Internet Explorer 8. The attack exploited vulnerabilities in the ad delivery system, allowing the malware to be distributed to unsuspecting users simply by visiting websites with the infected ads [32679].
(b) The software failure incident related to the operation phase can be linked to the users' interaction with the infected ads. Users did not have to click on the ads for their computers to get infected; the malware was able to silently infiltrate computers when the ads appeared on the screen. This highlights the impact of user interaction with the system in triggering the malware infection, showcasing how the operation of the system (in this case, browsing websites with the infected ads) led to the failure incident [32679]. |
Boundary (Internal/External) |
within_system, outside_system |
(a) within_system: The software failure incident in this case was primarily due to malvertising, where malware-laced advertisements were served through AOL's network, affecting multiple websites including The Huffington Post, FHM, LA Weekly, Houston Press, and GameZone [32679]. The malware, named Kovter, infected computers and locked them down, demanding a ransom to unlock them. The malicious software exploited vulnerabilities in outdated browsers like Internet Explorer 8, affecting users who were running these older versions [32679].
(b) outside_system: The contributing factors that originated from outside the system include the cyberattack orchestrated by hackers who injected the malware into the ads served by AOL's network. The malware-laced advertisements were designed to appear as normal ads but contained malicious code that infected computers when displayed on websites, targeting visitors without requiring them to click on the ads [32679]. Additionally, the malvertisement campaign involved redirecting the ad sources multiple times, ultimately leading to a shady Polish website's server, which helped evade detection by AOL's security measures [32679]. |
Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident in the article was primarily due to non-human actions. The incident involved malvertising, where malware-laced advertisements were served through AOL's network, infecting computers without the need for users to click on the ads. The malware, named Kovter, locked down computers and demanded ransom payments to unlock them. The malicious software exploited vulnerabilities in outdated browsers like Internet Explorer 8, affecting users who visited websites displaying the poisoned ads [32679].
(b) Human actions also played a role in this software failure incident. The malvertising campaign was orchestrated by hackers who injected the malware into the ads served by AOL's network. Additionally, the article mentions that FHM's publisher, Bauer Media UK, requested their advertising partner, The Rubicon Project, to investigate the matter, indicating human intervention in addressing the aftermath of the incident [32679]. |
Dimension (Hardware/Software) |
software |
(a) The software failure incident reported in the article was not due to hardware issues but rather due to malware-laced advertisements that infected computers and locked them down. The incident was a result of malvertising, where normal-looking ads were actually laced with malware, affecting users running Windows PCs with outdated browsers like Internet Explorer 8 [32679].
(b) The software failure incident was primarily caused by malicious software known as Kovter, a strain of ransomware that blocked access to the keyboard and mouse, displaying a fake message claiming to be from law enforcement and demanding a fine. The malware did not encrypt files but blocked access, and users could regain control by rebooting in safe mode and using antivirus software like Malwarebytes to clean the computer [32679]. |
Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident described in the article is malicious in nature. It involved a cyberattack where malware-laced advertisements were displayed on various websites, infecting computers and locking them down. The hackers behind the attack demanded money to unlock the infected computers, indicating a clear intent to harm the systems [32679]. |
Intent (Poor/Accidental Decisions) |
poor_decisions |
(a) The intent of the software failure incident was related to poor_decisions. The incident involved malvertising, where malware-laced advertisements were displayed on various websites, infecting computers and locking them down. The malicious software, Kovter, was a strain of ransomware that demanded money to unlock infected computers. The malware was distributed through ads served by AOL's network, affecting users running outdated browsers like Internet Explorer 8. The criminals behind the attack posed as legitimate customers with normal-looking ads that were actually laced with malware, taking advantage of the automated and complex nature of online ad delivery [32679]. AOL's alarms did not go off because the ad redirected its source multiple times, making it difficult to detect the malicious content [32679]. |
Capability (Incompetence/Accidental) |
accidental |
(a) The software failure incident reported in the article was not due to development incompetence. It was primarily a result of a cyberattack involving malvertising, where malware-laced advertisements were displayed on various websites, infecting computers and locking them down [32679].
(b) The software failure incident was accidental in nature. The malware-laced advertisements that caused the incident were served by AOL's network and were not initially detected due to the complex nature of malvertising, where ads can be manipulated to deliver malware without being easily caught. The incident was described as a malvertisement that targeted every single visitor to The Huffington Post website, indicating the accidental nature of the attack [32679]. |
Duration |
temporary |
(a) The software failure incident described in the article was temporary. The malware-laced advertisements that infected computers and locked them down were active for a specific period, running on ads served by AOL's network from Dec. 31 until Jan. 5 [32679]. The malicious software, Kovter, did not permanently damage the files on the infected computers but rather blocked access to the keyboard and mouse, displaying a message demanding a "fine" [32679]. The incident was resolved when AOL shut down the malvertisements two days after being alerted by Cyphort on Jan. 3 [32679]. |
Behaviour |
crash |
(a) crash: The software failure incident described in the article can be categorized as a crash. The malware-laced advertisements caused computers to be infected and locked down, cutting off access to the keyboard and mouse, essentially rendering the system inoperable and not performing its intended functions [32679]. |