A new malicious campaign running since the end of 2014 and based on AOL's advertising network was discovered by researchers. The malicious campaign infects visitors to various websites that use AOL ads. Among them are two domains belonging to the popular Huffington Post.
Malicious activity was first observed in its Canadian version Huffington Post on 31, December of 2014, but on 3 January 2015, the same activity was also observed at huffingtonpost.com.
Security researchers of Cyphort identified that the cause of the malware that existed on websites, came from AOL's ad network.
In this way, website visitors were confronted with a JavaScript that decrypted an HTML file and a VB script. The VB script was leading to the download of a variant of the Kovter Trojan.
Researchers have discovered that malware was coming from advertising.com and adtech.de advertising networks owned by AOL.