Security bods have closed off a malvertising campaign spread through an ad network that targeted smut site P0rnHub.
The attacks exposed “millions of potential victims in the US, Canada, the UK, and Australia”, said the Proofpoint researchers who discovered the attack.
Proofpoint said the campaign was waged by the KovCoreG group (distributor of the Kovter malware) for more than a year.
Kovter isn’t new: it turned up in poisoned ad campaigns in 2015, and again earlier in 2017.
In the most recent campaign, Proofpoint said, users were hooked through fake Chrome/Firefox/IE browser updates (and a fake Flash update for good measure), and the attack was active for more than a year until the ad network, Traffic Junky, and the smut site lowered the boom.
“The chain begins with a malicious redirect hosted on avertizingms[.]com, which inserts a call hosted behind KeyCDN, a major content delivery network”, Proofpoint writes.
“It should be noted that both P0rnHub and Traffic Junky acted swiftly to remediate this threat upon notification”, Proofpoint noted in its post. ®
Bootnote: Using “Pr0rnHüb” instead of the site’s real name helps our news to pass content filters so you can enjoy this news at work.