A new malicious campaign running since the end of 2014 and based on AOL's advertising network was discovered by researchers. The malicious campaign infects visitors to various websites using AOL ads. Among these are two domains that belong to the popular one Huffington Post.
Malicious activity was first observed in its Canadian version Huffington Post on 31, December of 2014, but on 3 January 2015, the same activity was also observed at huffingtonpost.com.
Security researchers of Cyphort identified that the cause of the malware that existed on websites, came from AOL's ad network.
In this way visitors to the website were confronted with a JavaScript that did decrypt ένα αρχείο HTML και ένα VB script. Το VB script οδηγούσε στη λήψη μιας παρchangeς του Kovter Trojan.
Researchers have discovered that malware was coming from advertising.com and adtech.de advertising networks owned by AOL.