Skip to main content

Huffington Post, Other Sites Hit by Malvertising via AOL Ad Network

8229504229_47a07ff41f[1]You may have a firewall, antivirus, and other security tools, but that won’t necessarily protect you online.

The security experts at Cyphort reported on their blog yesterday that they are seeing a new wave of malicious advertising attacking visitors to several popular sites:

This Saturday, January 31, 2015 Cyphort Labs detected a malvertising campaign with infections on multiple websites, including the website of Huffington Post (a news aggregator and blog site with more than 51 million monthly visitors). This is a continuation of the attack we have previously reported in early January.

This weekend Cyphort crawler observed a 400% spike in the number of daily infections discovered.

The malvertisements were distributed by, an AOL-owned ad network, as well as two other companies, and Cyphort has already notified AOL that its ad network had become corrupted, and the ads have been removed, but Cyphort reported that they were unable to reach the other two companies.

For those just tuning in, malvertising is a term used to describe adverts which, when you click on them redirect you to a site which either tries to hack your computer tries to infect it with a virus.


In this case, victims were redirected through several domains before being dumped on a page hosting an exploit kit, an automated tool that scans for weaknesses in your computer security which hackers can exploit. This campaign uses the Sweet Orange exploit kit, Cyphort said,and if a vulverability was found then the Kovter Trojan executable was installed to take advantage.

The list of the websites infected in this campaign:


As I reported last October, malicious advertising is a persistent problem which is growing worse month by month.  Cyphort says that this latest incident is a continuation of the attack they had previously reported in early January, and that they they think it’s going to get worse.

We believe that this trend presents a significant cybersecurity challenge in 2015.  Web site owners should ask questions about their malvertising protection before signing up with ads syndication networks.  More importantly, web site owners should deploy infection monitoring and detection solutions to protect their site visitors from malware infection.

The best way to protect yourself is to use an ad blocking plugin to provide an additional layer of security.

I do.

PC World

image by IntelFreePressYuri Yu. Samoilov

Similar Articles


anotherdigitalreaderfan February 4, 2015 um 4:11 pm

I’ve been enjoying flagfox addon. Shows the country flag of the server you are on in the url box in case you kicked over somewhere unexpected. Nate, recommend any add ons? I know adblock plus and Ghostery are popular.

Nate Hoffelder February 4, 2015 um 4:51 pm

I’m just using adblock+ and ghostery at the moment, but here’s a list another reader suggested.

Maxthon Updates Windows, Android Web Browsers With Bundled Adblock Plus ⋆ Ink, Bits, & Pixels February 10, 2015 um 2:27 pm

[…] and possibly malicious ads are a pernicious problem online, so much so that Maxthon is betting that users will be drawn to its latest browser […]

Aol Ad Hack – Adidass News June 4, 2016 um 11:45 am

[…] Huffington Post, Other Sites Hit by Malvertising via AOL Ad Network – The malvertisements were distributed by, an AOL-owned ad network, as well as two other companies … when you click on them redirect you to a site which either tries to hack your computer tries to infect it with a virus. In this case, victims … […]

Security Software Found With Superfish-Style Security Holes | The Digital Reader April 27, 2017 um 9:40 am

[…] the creation of Comodo CEO Melih Abdulhayoglu, and it is intended to protect users from malicious adverts by replacing the untrusted ads with safe ones. That sounds like a great idea, but it turns out that […]

Write a Comment