A new malicious campaign running since the end of 2014 and based on AOL's advertising network was discovered by researchers. The malicious campaign infects visitors to various websites using AOL ads. Among these are two domains that belong to the popular one Huffington Post.
Malicious activity was first observed in its Canadian version Huffington Post on 31, December of 2014, but on 3 January 2015, the same activity was also observed at huffingtonpost.com.
Security researchers of Cyphort found that the cause of the malware that existed on the websites was coming from AOL's advertising network.
In this way, website visitors were confronted with a JavaScript that decrypted an HTML file and a VB script. Το VB script οδηγούσε στη λήψη μιας παραλλαγής του Kovter Trojan.
Researchers have discovered that malware was coming from advertising.com and adtech.de advertising networks owned by AOL.