According to analysts, the malicious advertising (malvertising) campaign has impacted popular sites including Java.com, TMZ.com, DeviantArt.com, Photobucket.com, eBay.ie, IBTimes.com, TVgids.nl and Kapaza.be.
The sites themselves have not been affected; however, many of the ads they displayed between August 19 and August 22 were designed to redirect visitors to malicious websites.
Fox-IT saw a larger number of infections during this time period, which is not unexpected considering that the infection process occurs in the background, without requiring the target to click on the malicious ad.
Users were redirected to the Angler exploit kit, which attempts to load malware onto computers by exploiting vulnerabilities in software including Flash Player, Microsoft Silverlight and Java. The threat distributed in this campaign was Rerdom, which Fox-IT originally mistook for Asprox, and tweeted as such, because the two are related.
@foxit Rerdom is distributed via Exploit Kits: https://t.co/LsBWtRlDRI
And is an affiliate install via Asprox: http://t.co/jYz5k22OIi — Kimberly (@StopMalvertisin) August 27, 2014
“We have seen examples where the website that helped with the ad redirect to infect a user had no idea it was helping the delivery of certain content for a certain ad provider,” Fox-IT’s Yonathan Klijnsma stated in a post.
The advertiser whose services were misused in this campaign is AppNexus, a New York City-based firm that specializes in real-time internet marketing.
The company took action to remediate the issue after being informed by Fox-IT; however, this is not the first time it has been linked to a malvertising campaign. Klijnsma noted that the same company's services were misused two months ago to serve malicious ads via Skype.