CryptoWall ransomware with a valid digital signature is being delivered as part of a widespread malvertising campaign, according to Barracuda Labs.
Drive-by downloads were detected as coming from hindustantimes[.]com, bollywoodhungama[.]com, one[.]co[.],il, codingforums[.]com, and mawdoo[.]com, according to a Sunday post, which explains that the ransomware in each instance was delivered via the Zedo ad network.
The initial VirusTotal results showed zero detections; however, the program has since been deemed malicious by additional tools, the post indicates.