HuffingtonPost is a very large news website visited by over 100 million people monthly (ComScore Media Metrix). On Aug 13, Cyphort Labs identified a malvertising infection on it: we saw it redirecting visitors to a malicious exploit kit.
We have detected and reported on HuffingtonPost malvertising on several occasions in the past:
- December 31, 2014 – HuffingtonPost installs Kovter Trojan via Neutrino exploit kit
- February 3, 2015 – LAWeekly, HuffingtonPost hit by AOL Ad-network malvertising
- July 16, 2015 – Malvertising uses SSL redirectors
This attack appears to be related to the one covered by our friends at MalwareBytes. The HuffingtonPost malicious chain is below:
Advertising.com (part of AOL Platforms) was the culprit again. It has 199 million unique visitors per month and reaches 88.8% of the US internet audience. We have reached out to the AOL security team and reported this issue.
Cyber criminals are always looking for mass distribution of their payloads, and malvertising gives them exactly that. It is much easier to infect a popular site via its ad provider and reach millions of people than to try to put malware on individual victims' computers. We expect high-profile malvertising cases to continue.