HackDig : Dig high-quality web security articles

Huffington Post serves malvertising, again.

2015-08-15 02:35

 HuffingtonPost is a very large news website visited by over 100 million people monthly (ComScore Media Metrix).  On Aug 13, Cyphort Labs has identified a malvertising infection on it – we have seen it redirecting visitors to a malicious exploit kit. 

We have detected and reported on HuffingtonPost malvertising on several occasions in the past:


This attack appears to be related to the one covered by our friends at MalwareBytes. The HuffingtonPost malicious chain is below:

 finish  class.choozpildyk.com/civis/viewforum.php?<malware>
 redirect  arqadrgbdd.wpara.feeyunippon1.net
 redirect  arqadrgbdd.porsc.thahtparsianinsurance.net
 https mbiscotti.com
 https  v5tr34-a09.azurewebsites.net
 https  secserv.adtech.de
 redirect  imp.bid.ace.advertising.com
 redirect  uac.advertising.com
 redirect  leadback.advertising.com
 redirect  an.tacoda.net
 redirect  cdn.at.atwola.com
 redirect  o.aolcdn.com
 start huffingtonpost.com


Advertising.com (part of AOL Platforms) was the culprit again. It has 199 million unique visitors per month, and reaches 88.8% of the US internet audience.  We have reached out to AOL security team and reported this issue. 

The cyber criminals are always looking for mass distribution of their payloads and they get their wish fulfilled with malvertising. It is much easier to infect a popular site via its Ads provider and reach millions of people than to try to put malware on the individual victim’s computers. We expect high-profile malvertising cases to continue.

The post Huffington Post serves malvertising, again. appeared first on Cyphort.

Source: /notgniffuh-m001/moc.trohpyc.www

Read:4623 | Comments:0 | Tags:Uncategorized

“Huffington Post serves malvertising, again.”0 Comments

Submit A Comment



Blog :

Verification Code:

Tag Cloud