Huffington Post, Other Sites Hit by Malvertising via AOL Ad Network

8229504229_47a07ff41f[1]You may have a firewall, antivirus, and other security tools, but that won’t necessarily protect you online.

The security experts at Cyphort reported on their blog yesterday that they are seeing a new wave of malicious advertising attacking visitors to several popular sites:

This Saturday, January 31, 2015 Cyphort Labs detected a malvertising campaign with infections on multiple websites, including the website of Huffington Post (a news aggregator and blog site with more than 51 million monthly visitors). This is a continuation of the attack we have previously reported in early January.

This weekend Cyphort crawler observed a 400% spike in the number of daily infections discovered.

The malvertisements were distributed by, an AOL-owned ad network, as well as two other companies, and Cyphort has already notified AOL that its ad network had become corrupted, and the ads have been removed, but Cyphort reported that they were unable to reach the other two companies.

For those just tuning in, malvertising is a term used to describe adverts which, when you click on them redirect you to a site which either tries to hack your computer tries to infect it with a virus.


In this case, victims were redirected through several domains before being dumped on a page hosting an exploit kit, an automated tool that scans for weaknesses in your computer security which hackers can exploit. This campaign uses the Sweet Orange exploit kit, Cyphort said,and if a vulverability was found then the Kovter Trojan executable was installed to take advantage.

The list of the websites infected in this campaign:


As I reported last October, malicious advertising is a persistent problem which is growing worse month by month.  Cyphort says that this latest incident is a continuation of the attack they had previously reported in early January, and that they they think it’s going to get worse.

We believe that this trend presents a significant cybersecurity challenge in 2015.  Web site owners should ask questions about their malvertising protection before signing up with ads syndication networks.  More importantly, web site owners should deploy infection monitoring and detection solutions to protect their site visitors from malware infection.

The best way to protect yourself is to use an ad blocking plugin to provide an additional layer of security.

I do.

PC World

image by IntelFreePressYuri Yu. Samoilov

Nate Hoffelder

View posts by Nate Hoffelder
Nate Hoffelder is the founder and editor of The Digital Reader. He has been blogging about indie authors since 2010 while learning new tech skills weekly. He fixes author sites, and shares what he learns on The Digital Reader's blog. In his spare time, he fosters dogs for A Forever Home, a local rescue group.


  1. anotherdigitalreaderfan4 February, 2015

    I’ve been enjoying flagfox addon. Shows the country flag of the server you are on in the url box in case you kicked over somewhere unexpected. Nate, recommend any add ons? I know adblock plus and Ghostery are popular.

    1. Nate Hoffelder4 February, 2015

      I’m just using adblock+ and ghostery at the moment, but here’s a list another reader suggested.

  2. […] and possibly malicious ads are a pernicious problem online, so much so that Maxthon is betting that users will be drawn to its latest browser […]

  3. Aol Ad Hack – Adidass News4 June, 2016

    […] Huffington Post, Other Sites Hit by Malvertising via AOL Ad Network – The malvertisements were distributed by, an AOL-owned ad network, as well as two other companies … when you click on them redirect you to a site which either tries to hack your computer tries to infect it with a virus. In this case, victims … […]

  4. […] the creation of Comodo CEO Melih Abdulhayoglu, and it is intended to protect users from malicious adverts by replacing the untrusted ads with safe ones. That sounds like a great idea, but it turns out that […]


Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll to top