Malicious ads impact, TMZ and Photobucket site visitors, firm finds

Share this article:
PlayStation Network downed by DDoS attack, other gaming networks hit too
Malicious ads impact, TMZ and Photobucket site visitors.

A number of high-profile websites, including, and, were impacted by a malvertising campaign which spread malware to online visitors.

According to Fox-IT, which blogged about the threat Wednesday, at least eight websites were found hosting poisoned ads, which were rigged to include the Angler exploit kit.,,,, and were also among the group of targeted sites.

Fox-IT observed the attacks on its clients between Tuesday and Friday of last week, the company revealed.

“Upon landing on this exploit kit, a few checks were done to confirm whether the user is running a vulnerable version of either Java, Flash or Silverlight,” the post said, detailing the attack. “If the user was deemed vulnerable, the exploit kit would embed an exploit initiating a download of a malicious payload. In this campaign it was the Asprox malware.”

In a Thursday interview with, Yonathan Klijnsma, cybercrime security expert at Fox-IT, said that it was later determined that a component of the Asprox botnet, called “Rerdom,” was being spread as one of the main malicious modules.

“[Rerdom causes] the infected computers to click on advertisements,” Klijnsma said, adding that the Windows malware allows scammers to “perform ad fraud on a large scale.”

Fox-IT noted that attackers targeted ad network AppNexus to poison the advertisements. In its blog post, the firm said that visitors didn't need to click on the malicious advertisements to be infected, as the attack occurred “silently in the background as the ad is loaded by the user's browser.”

In his interview, Klijnsma advised users to disable any browser plug-ins that are barely used, or to make sure they are updated if in use, to prevent similar attacks from occurring.

AppNexus addressed the issue on Friday, he added, and the firm has remained in contact with the advertiser to make sure the campaign is no longer active.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in News

ISSA tackles workforce gap with career lifecycle program

ISSA tackles workforce gap with career lifecycle program ...

On Thursday, the group launched its Cybersecurity Career Lifecycle (CSCL) program.

Amplification DDoS attacks most popular, according to Symantec

Amplification DDoS attacks most popular, according to Symantec

The company noted in a whitepaper released on Tuesday that Domain Name Server amplification attacks have increased 183 percent between January and August.

Court shutters NY co. selling security software with "no value"

A federal court shut down Pairsys at the request of the Federal Trade Commission.