Researchers have discovered a malicious campaign, running since late 2014, that is based on AOL's ad network. The campaign infects visitors to various websites that use AOL ads, among them two domains belonging to the popular Huffington Post.
Malicious activity was first observed on the Canadian version of the Huffington Post on 31 December 2014, and on 3 January 2015 the same activity was also observed at huffingtonpost.com.
Security researchers at Cyphort found that the malware on the websites was coming from AOL's advertising network.
In this way, visitors to the sites were confronted with JavaScript that decrypted an HTML file and a VB script. The VB script led to a variant of the Kovter Trojan.
The researchers discovered that the malware came from the advertising networks advertising.com and adtech.de, both owned by AOL.