Sign up to our newsletter
AOL has taken steps to stop a set of malicious advertisements being served through their sites, including The Huffington Post, Computer Business Review reports.
SC Magazine explains that the malicious ads were redirecting users to landing pages designed to serve up a couple of exploit kits, which would then take advantage of a Flash vulnerability to download the Kovter trojan (detected by ESET as Win32/Kovter) in a drive-by attack.
Computer World states that the malicious adverts appeared on the American and Canadian versions of The Huffington Post as of December 31, but adds that a number of other sites were also affected, including Weatherbug, Houston Press and Mandatory.
The identity of those behind the attack isn’t clear. Before reaching the attack site, affected users were bounced along a series of other sites – some using HTTPS encryption to hide the servers used. Computer World reveals that one of the HTTPS redirectors used was hosted on a Google Apps Engine page, making it harder to track. Despite this, it was discovered that the site hosing the exploit kit had a domain of .pl – which is the top level domain for Poland.
This kind of attack is not uncommon – indeed, AOL was hit with a similar breach of its ad network just two months ago, along with Yahoo and Match.com. On that occasion, the CryptoWall 2.0 ransomware was responsible, and would attempt to extort a ransom out of its victims – usually to a value of around $500. The hackers behind it were making in the region of $25,000 per day from their cybercrime.
An AOL spokesperson confirmed that the affected adverts no longer appear across the network, adding that “AOL is committed to bringing new levels of transparency to the advertising process, ensuring ads uphold quality standards and create positive consumer experiences.”
Author Alan Martin, ESET