VERY IMPORTANT

During the past few weeks there has been an increase in malvertising attacks, for example via a series of compromises of open source Revive ad servers which is still continuing. What’s interesting to note is that some compromised sites have more value than others and this is especially true when those sites happen to be used to serve ad banners. The ultimate reach of the malicious code being tied to how much traffic a site will receive, ad servers are the ideal candidate since they are used by hundreds or thousands of other websites relying on advertising. The conditionally injected script redirects to the Afraidgate campaign, which in turns pushes the Neutrino exploit kit. We are accustomed to seeing this gate operate directly from ‘typical’ (compromised) websites, but not so much from ad serving ones.