MSN hit by large exploit kit malvertising campaign

Angler EK used to plant ransomware and ad fraud code.

Microsoft's MSN web portal has been used by unknown attackers to serve up malicious advertising code that attempted to plant the Angler Exploit Kit on visitors' computers.

Image credit: Malwarebytes.

MSN is the default home page for Microsoft's Internet Explorer browser in its Windows operating system, and the company claims several hundred million visitors click through to the site every month.

Researcher Jérôme Segura from security firm Malwarebytes reported users were served the malvertising when they simply browsed MSN news, lifestyle or other sections.

The attackers abused a German network, Adspirit.de, whose ads were served via the AppNexus online advertising delivery company, in order to silently deploy Angler on users' machines.

Segura said the MSN malvertising campaign is the work of the same, unnamed actors that targeted Yahoo recently, as well as a range of other well-known media sites and web properties such as Drudge Report, Weather.com and online marketplace eBay.

Malwarebytes tracked the chain of sites used to deliver the exploit kit, and found the attackers this time leveraged Red Hat's RHCloud cloud platform to perform multiple site redirections to obscure the origin of the infection attempt. 

A spokesperson for AppNexus told iTnews it had "deactivated immediately and notified all parties involved".

"AppNexus has a dedicated team of engineers and invests heavily in the scanning of creatives. We take notifications like Malwarebytes' very seriously."

Online advertising has over the past years increasingly been used by internet criminals to spread malware on a large scale, reaching millions of users to infect them en masse.

iTnews has reached out to Microsoft and AppNexus for comment on the incident.

Copyright © iTnews.com.au . All rights reserved.