The security experts at Cyphort reported on their blog yesterday that they are seeing a new wave of malicious advertising attacking visitors to several popular sites:
This Saturday, January 31, 2015 Cyphort Labs detected a malvertising campaign with infections on multiple websites, including the website of Huffington Post (a news aggregator and blog site with more than 51 million monthly visitors). This is a continuation of the attack we have previously reported in early January.
This weekend Cyphort crawler observed a 400% spike in the number of daily infections discovered.
The malvertisements were distributed by Adtech.de, an AOL-owned ad network, as well as two other companies, adxpansion.com and Ad.directrev.com. Cyphort has already notified AOL that its ad network had become corrupted, and the ads have been removed, but Cyphort reported that they were unable to reach the other two companies.
For those just tuning in, malvertising is a term used to describe adverts which, when you click on them redirect you to a site which either tries to hack your computer tries to infect it with a virus.
In this case, victims were redirected through several domains before being dumped on a page hosting an exploit kit, an automated tool that scans for weaknesses in your computer security which hackers can exploit. This campaign uses the Sweet Orange exploit kit, Cyphort said,and if a vulverability was found then the Kovter Trojan executable was installed to take advantage.
The list of the websites infected in this campaign:
As I reported last October, malicious advertising is a persistent problem which is growing worse month by month. Cyphort says that this latest incident is a continuation of the attack they had previously reported in early January, and that they they think it’s going to get worse.
We believe that this trend presents a significant cybersecurity challenge in 2015. Web site owners should ask questions about their malvertising protection before signing up with ads syndication networks. More importantly, web site owners should deploy infection monitoring and detection solutions to protect their site visitors from malware infection.
The best way to protect yourself is to use an ad blocking plugin to provide an additional layer of security.