Huffington Post, Other Sites Hit by Malvertising via AOL Ad Network

Huffington Post, Other Sites Hit by Malvertising via AOL Ad Network Advertising Security & Privacy You may have a firewall, antivirus, and other security tools, but that won't necessarily protect you online.

The security experts at Cyphort reported on their blog yesterday that they are seeing a new wave of malicious advertising attacking visitors to several popular sites:

This Saturday, January 31, 2015 Cyphort Labs detected a malvertising campaign with infections on multiple websites, including the website of Huffington Post (a news aggregator and blog site with more than 51 million monthly visitors). This is a continuation of the attack we have previously reported in early January.

This weekend Cyphort crawler observed a 400% spike in the number of daily infections discovered.

The malvertisements were distributed by, an AOL-owned ad network, as well as two other companies, and Cyphort has already notified AOL that its ad network had become corrupted, and the ads have been removed, but Cyphort reported that they were unable to reach the other two companies.

For those just tuning in, malvertising is a term used to describe adverts which, when you click on them redirect you to a site which either tries to hack your computer tries to infect it with a virus.

Huffington Post, Other Sites Hit by Malvertising via AOL Ad Network Advertising Security & Privacy

In this case, victims were redirected through several domains before being dumped on a page hosting an exploit kit, an automated tool that scans for weaknesses in your computer security which hackers can exploit. This campaign uses the Sweet Orange exploit kit, Cyphort said,and if a vulverability was found then the Kovter Trojan executable was installed to take advantage.

The list of the websites infected in this campaign:


As I reported last October, malicious advertising is a persistent problem which is growing worse month by month.  Cyphort says that this latest incident is a continuation of the attack they had previously reported in early January, and that they they think it's going to get worse.

We believe that this trend presents a significant cybersecurity challenge in 2015.  Web site owners should ask questions about their malvertising protection before signing up with ads syndication networks.  More importantly, web site owners should deploy infection monitoring and detection solutions to protect their site visitors from malware infection.

The best way to protect yourself is to use an ad blocking plugin to provide an additional layer of security.

I do.

PC World

image by IntelFreePressYuri Yu. Samoilov

About Nate Hoffelder (9950 Articles)
Nate Hoffelder is the founder and editor of The Digital Reader:He's here to chew bubble gum and fix broken websites, and he is all out of bubble gum. He has been blogging about indie authors since 2010 while learning new tech skills at the drop of a hat. He fixes author sites, and shares what he learns on The Digital Reader's blog. In his spare time, he fosters dogs for A Forever Home, a local rescue group.

2 Comments on Huffington Post, Other Sites Hit by Malvertising via AOL Ad Network

  1. anotherdigitalreaderfan // 4 February, 2015 at 4:11 pm // Reply

    I’ve been enjoying flagfox addon. Shows the country flag of the server you are on in the url box in case you kicked over somewhere unexpected. Nate, recommend any add ons? I know adblock plus and Ghostery are popular.

3 Trackbacks & Pingbacks

  1. Maxthon Updates Windows, Android Web Browsers With Bundled Adblock Plus ⋆ Ink, Bits, & Pixels
  2. Aol Ad Hack – Adidass News
  3. Security Software Found With Superfish-Style Security Holes | The Digital Reader

Leave a comment

Your email address will not be published.


This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: