Three Adobe Flash Player zero-day vulnerabilities discovered this year were distributed through exploit kits and used malvertising as their primary infection vector.
A case study from Malwarebytes found that two of the vulnerabilities, CVE-2015-0310 and CVE-2015-0311, were distributed through the Angler Exploit Kit, while CVE-2015-0313 was distributed through the HanJuan Exploit Kit. Victims were compromised through malicious ads on various popular websites, including The Huffington Post, the New York Daily News and About.com.
Malwarebytes also found that for CVE-2015-0313 cyber criminals paid an average of $0.75 for each 1,000 pre-qualified users who were exposed to the malicious ads. The cost could drop to $0.06 per user during less trafficked times of day and on less popular websites.
The cyber criminals also used real-time bidding, which allowed them to bid for specific targets, including Windows operating system users, and to display their creative only to them.