Do You Know What Malvertising Is?

We've all become accustomed to seeing ads on websites. Some sites are slowed down as ads continually load on multiple sides. This is most evident on sites our kids frequent and frequently complain about, like Cool Math Games. The continual loading of new ads causes the all-too-frequent "Dad, the website's frozen again!!!"

Most Internet users are aware that ads fit into two main categories. The first comes from our own Internet history. Did you just look up swimming suits? Well, now you're being served ads for places selling swimming wear. The second is ads being pushed so hard you feel like you're seeing them everywhere, sometimes twice on the same page, such as the Prominence Health Plan ad being served twice, right next to each other, on the Cool Math Games pages (see the attached image). We get it, you want to sell health insurance, but these ads are beyond annoying.

There is also a third kind of ad that is taking on a life of its own, and its effects are far worse than causing irritation. Malvertising could be infecting a site you regularly visit.

In the last two weeks, multiple sites have been found to be serving malvertising ads, which cause malware infections on the user's computer. The specific infection being seen belongs to the Kovter Trojan family; once installed, it connects to a command-and-control server, after which the computer can be exploited in any number of ways.

The most recent infected ads have been served via the AOL Ad-Network, advertising.com.  Below is a list of sites known to have served the malvertising:

  • huffingtonpost.ca
  • huffingtonpost.com
  • mandatory.com
  • laweekly.com
  • gooddrama.net
  • fhm.com
  • thewmurchannel.com
  • buzzlie.com
  • mojosavings.com
  • houstonpress.com
  • soapcentral.com
  • theindychannel.com
  • gamezone.com
  • weatherbug.com

After clicking on the infected ad, the user is redirected through multiple sites, finally ending up on Polish websites (country-code domain .pl). From Cyphort, here is the breakdown of the redirection chain from huffingtonpost.com.
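
For anyone who watches a web proxy log, a chain like the one described above can be spotted by linking each request to the page that referred it. The sketch below is an added example, not Cyphort's analysis or anything from the original post; the log layout, every hostname in the sample, and the threshold of three hops are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed proxy-log records: (client_ip, requested_url, referer). All hosts are made up.
SAMPLE_LOG = [
    ("10.0.0.5", "http://news.example/story", ""),
    ("10.0.0.5", "http://ads.adnetwork.example/serve?id=1", "http://news.example/story"),
    ("10.0.0.5", "http://hop1.example.net/r", "http://ads.adnetwork.example/serve?id=1"),
    ("10.0.0.5", "http://hop2.example.org/r", "http://hop1.example.net/r"),
    ("10.0.0.5", "http://landing.example.pl/index", "http://hop2.example.org/r"),
    ("10.0.0.9", "http://news.example/sports", ""),
    ("10.0.0.9", "http://ads.adnetwork.example/serve?id=2", "http://news.example/sports"),
    ("10.0.0.9", "http://shop.example.com/swimwear", "http://ads.adnetwork.example/serve?id=2"),
]

def host(url):
    return (urlsplit(url).hostname or "").lower()

def build_chains(records):
    """Link each request to the request that referred it; return one host chain per leaf."""
    chains = {}       # (client, url) -> hosts visited from the first page up to this url
    extended = set()  # chain keys that a later request continued
    for client, url, referer in records:
        parent = chains.get((client, referer))
        if parent is not None:
            extended.add((client, referer))
        chains[(client, url)] = (parent or []) + [host(url)]
    return [(key[0], chain) for key, chain in chains.items() if key not in extended]

def is_suspicious(chain, ad_hosts, watch_tlds=(".pl",), min_hops_after_ad=3):
    """Flag chains that leave an ad host, cross several distinct hosts, and end on a watched TLD."""
    ad_index = next((i for i, h in enumerate(chain) if h in ad_hosts), None)
    if ad_index is None:
        return False
    after_ad = chain[ad_index + 1:]
    if not after_ad or len(set(after_ad)) < min_hops_after_ad:
        return False
    return after_ad[-1].endswith(tuple(watch_tlds))

def flagged(records, ad_hosts):
    return [(c, ch) for c, ch in build_chains(records) if is_suspicious(ch, ad_hosts)]

if __name__ == "__main__":
    for client, chain in flagged(SAMPLE_LOG, {"ads.adnetwork.example"}):
        print(client, " -> ".join(chain))
```

A hit is a reason to look at that workstation, not proof of infection; plenty of ordinary ad traffic also bounces through several hosts.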

 

You also might occasionally see an ad that isn't being served, see below. This tends to slow the website even further as the ad attempts to load or errors out. This is also sometimes a result of virus protection blocking a particular ad it knows contains something malicious.

Typically, if you're in need of a certain service, we recommend avoiding clicking on those flashy ads. Rather, do your own search and avoid whatever might infect your computer when you thought you were just getting an insurance quote.

Last modified on Monday, 12 January 2015 12:24
