A possible continuation of a campaign started in June

Jul 29, 2015 13:17 GMT

A malvertising campaign that was first detected on July 11 seems to have ramped up in the last few days, spreading malware to "at least 10 million people [...] in the last 10 days," according to Cyphort, a cyber-security platform for malware protection.

Since it was first detected, the campaign has used advertising platforms like adtech.de and e-planning.net to host and spread its malverts.

Cyphort researchers investigated and concluded that the campaign uses a series of consecutive SSL redirections to mask the true location of the malware, a classic Angler exploit kit.

In the last few days, and especially the last ten, websites like zougla.gr, techz.vn, tvjaa.com, sonicch.com, hochi.co.jp and kienthuc.net.vn have been infected.

Previously, the Japanese edition of the Huffington Post, along with mangapanda.com and readms.com, two Japanese sites hosting manga comics, had also been used to spread the aforementioned Angler exploit kit.

Indonesian online newspaper bisnis.com has also been infected, along with phununet.com, a social network in Vietnam.

This seems to be an ongoing campaign that started in June

Cyphort reports that sites in the Czech Republic, Germany, Greece, Poland, Sweden, Italy, Thailand, Vietnam, Japan, Indonesia, India, and the US have been infected.

Cyphort researcher Nick Bilogorskiy also points out that this campaign could be the continuation of a similar lengthy malvertising attack carried out in June and detected by Invincea.

In Invincea's investigation, popular sites like Yahoo, CBS Sports, eBay UK, Verizon FiOS, Lance Armstrong's Livestrong NGO, and Perez Hilton's gossip blog were infected.

None of the above-listed websites is to blame for this campaign, since none of them knows at all times which ads are being displayed to its customers.

Cyphort (and common sense) advises that you do not access the aforementioned domains, since they may still be infected.