Blog

Huffington Post serves malvertising, again.

Posted on August 15th, 2015 by Nick Bilogorskiy

 HuffingtonPost is a very large news website visited by over 100 million people monthly (ComScore Media Metrix).  On Aug 13, Cyphort Labs has identified a malvertising infection on it – we have seen it redirecting visitors to a malicious exploit kit. 

We have detected and reported on HuffingtonPost malvertising on several occasions in the past:

 

This attack appears to be related to the one covered by our friends at MalwareBytes. The HuffingtonPost malicious chain is below:

 finish   class.choozpildyk.com/civis/viewforum.php?<malware>
 redirect   arqadrgbdd.wpara.feeyunippon1.net
 redirect   arqadrgbdd.porsc.thahtparsianinsurance.net
 https  mbiscotti.com
 https   v5tr34-a09.azurewebsites.net
 https   secserv.adtech.de
 redirect   imp.bid.ace.advertising.com
 redirect   uac.advertising.com
 redirect   leadback.advertising.com
 redirect   an.tacoda.net
 redirect   cdn.at.atwola.com
 redirect   o.aolcdn.com
 start  huffingtonpost.com

 

Advertising.com (part of AOL Platforms) was the culprit again. It has 199 million unique visitors per month, and reaches 88.8% of the US internet audience.  We have reached out to AOL security team and reported this issue. 

The cyber criminals are always looking for mass distribution of their payloads and they get their wish fulfilled with malvertising. It is much easier to infect a popular site via its Ads provider and reach millions of people than to try to put malware on the individual victim’s computers. We expect high-profile malvertising cases to continue.

Recent Posts

Categories

By Authors

Monthly Archives