A new malicious campaign running since the end of 2014 and based on AOL's advertising network was discovered by researchers. The malicious campaign infects visitors to various websites using AOL ads. Among these are two domains that belong to the popular one Huffington Post.
Malicious activity was first observed in its Canadian version Huffington Post on 31, December of 2014, but on 3 January 2015, the same activity was also observed at huffingtonpost.com.
Security researchers of Cyphort found that the cause of the malware that existed on the websites was coming from AOL's advertising network.
In this way the website visitors were faced with a JavaScript που έκανε decrypt ένα archive HTML και ένα VB script. Το VB script οδηγούσε στη λήψη μιας παρchangeof the Kovter Trojan.
Researchers have discovered that malware was coming from advertising.com and adtech.de advertising networks owned by AOL.