A malvertising campaign that embedded fake, malicious ads on popular news, entertainment and political websites may have impacted tens of thousands of users in just 24 hours, Trend Micro warned in a blog post yesterday.
According to the security firm, the cybercriminals behind the campaign delivered the infectious ads via a compromised ad network. When users visit a page that loads the malicious ad, they are automatically redirected to two malvertising servers, the second of which delivers the infamous Angler Exploit kit. The kit then downloads a variant of Bedep malware, which exploits vulnerabilities in Adobe Flash and drops a secondary Trojan malware, Evotob.
As of the publishing of Trend Micro's post, many of the affected websites were not carrying the ad anymore, but the campaign still remained active. The details of the blog were very similar to a separately published Trustwave security alert that described malvertising attacks affecting the websites of Answers.com, Zero Hedge and Infolinks, among others. Trend Micro told SCMagazine.com that it likely the same threat, though this cannot be fully confirmed without comparing research.