Security experts at FireEye have uncovered a new malvertising campaign that exploited the popular Forbes.com news website. The malvertising campaign was discovered earlier this month, according to the analysis published by FireEye, the attackers exploited the Forbes.com website to redirect visitors to pages hosting the malicious Neutrino and Angler exploit kits.
“From Sept. 8 to Sept. 15, 2015, the Forbes.com website was serving content from a third-party advertising service that had been manipulated to redirect viewers to the Neutrino and Angler exploit kits. We notified Forbes, who worked quickly to correct the issue.” states the blog post published by FireEye
The researchers discovered that the malvertising campaign exploited a third-party advertising service, the redirections were triggered on a limited number of old articles.
When the article on Forbes.com was loaded, the third-party advertising service is invoked and a JS file containing an iframe is loaded. That iFrame is used to do the dirty job, it redirects the user to the selected exploit kit.
FireEye reported that the Neutrino kit was the primary choice for the attackers behind the malvertising campaign, but threat actors also discovered the use of the Angler exploit kit is becoming quite common.
“By abusing ad platforms – particularly ad platforms that enable Real Time Bidding, which we’ve covered before here” states FireEye “attackers can selectively target where the malicious content gets displayed.” “When these ads are served by mainstream websites, the potential for mass infection increases significantly, leaving users and enterprises at risk.”
Recently numerous other malvertising campaigns were spotted by security firms, researchers at Malwarebytes recently discovered a campaign relying on the Angler exploit kit that targeted a number of high-profile websites, including eBay UK and Answers.com.
It is quite easy for crooks to exploit on-demand ad platforms that can give them access to a significant volume of traffic on the larger websites.
Malvertising campaigns are usually used by criminal organizations to serve ransomware or other malware such as banking trojan and other ad fraud malicious code.
According to the experts the gang behind the recent malvertising campaigns leveraged a number of large ad networks, including AppNexus, DoubleClick and ExoClick.
(Security Affairs – malvertising, Forbes)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.