Dive Brief:
- A new wave of malware-infected banner ads has hit major websites including The New York Times, the BBC, MSN, and AOL, according to a report by Ars Technica.
- Ars Technica explained the ads began appearing after a toolkit called Angler -- that sells exploits for Adobe Flash, Microsoft Silverlight and other website software -- began uploading infected ads through a compromised ad network.
- The attacks recall malvertising in August last year that affected banner ads on Yahoo, and a separate attack a month later that sent Forbes visitors to exploit kits, one of which was Angler Exploit Kit.
Dive Insight:
The infected ads hit ad networks from Google, AppNexus, AOL, and Rubicon, and seemed to come from two domains. The infected ads redirect to two malvertising servers, with the final stop delivering the Angler Exploit Kit.
“The campaign underscores the vital role that smart browsing plays in staying secure online. One of the most important things users can do is to decrease what researchers refer to as their 'attack surface,'” the Ars Technica article's author, Dan Goodin, explained. Goodin added that to avoid malvertising, readers need to uninstall third-party browser extensions such as Adobe Flash and Oracle Java unless they are absolutely necessary.
According to Malwarebytes, malvertising activity had been waning in recent weeks, so the uptick in activity they saw over the weekend was unusual and unexpected. Not only did the malvertising hit a list of high-profile publishers, but per Ars Technica, the ads may have exposed tens of thousands of people just over the weekend.