We have detected and reported on HuffingtonPost malvertising on several occasions in the past:


This attack appears to be related to the one covered by our friends at MalwareBytes. The HuffingtonPost malicious chain is below:

 finish   class.choozpildyk.com/civis/viewforum.php?<malware>
 redirect   arqadrgbdd.wpara.feeyunippon1.net
 redirect   arqadrgbdd.porsc.thahtparsianinsurance.net
 https  mbiscotti.com
 https   v5tr34-a09.azurewebsites.net
 https   secserv.adtech.de
 redirect   imp.bid.ace.advertising.com
 redirect   uac.advertising.com
 redirect   leadback.advertising.com
 redirect   an.tacoda.net
 redirect   cdn.at.atwola.com
 redirect   o.aolcdn.com
 start  huffingtonpost.com


Advertising.com (part of AOL Platforms) was the culprit again. It has 199 million unique visitors per month, and reaches 88.8% of the US internet audience.  We have reached out to AOL security team and reported this issue. 

The cyber criminals are always looking for mass distribution of their payloads and they get their wish fulfilled with malvertising. It is much easier to infect a popular site via its Ads provider and reach millions of people than to try to put malware on the individual victim’s computers. We expect high-profile malvertising cases to continue.