There is a proliferation of malicious advertisements, or what some aptly know to be adware, making its rounds on high-traffic sites as of late. In fact, sites such as the New York Times, AOL, BBC, MSN, and the NFL are among a growing list of high-profile sites that have been serving adware that leads to computers being infected with aggressive malware threats.
Malicious advertisements have been a known issue for many years now. Often, adware makes its way into legitimate ad networks, which then unknowingly serve malicious advertisements on large and legitimate sites, as in the case of the New York Times, AOL, MSN and many others in a recent discovery made by Malwarebytes.
While many popular ad networks have gotten better about rooting out bad advertisements, there are some that are still not on their A-game in the detection and removal of adware.
Probably one of the more concerning developments to come out of the adware found on several high-profile sites is that the malware delivered through the malicious ads is the popularized Angler Exploit Kit. Angler has been known as a culprit in the spread of many recent ransomware infections, in which malware holds an infected system's files for ransom by encrypting them and offering a decryption resolution for a substantial fee. Not only has the Angler Exploit Kit been a spreading agent for ransomware, but the kit itself is sold and distributed freely on the dark web as a ready-to-use platform for cybercrooks of many different experience levels.
The ads in question that have slipped through ad networks recently on high-profile sites have exploited unsuspecting computer users. Many of the advertisements look "normal" and draw no suspicion, even when they cause a redirect action to load another site upon a click from a computer user.
Google's ad network, one thought to be utilized on the high-profile sites that were found to serve malicious advertisements, has taken major strides to prevent adware. However, the adware served through many of the high-profile sites wasn't restricted to Google's ad network. It appears that many of the ads were served through AOL, AppNexus and Rubicon's networks as well, which are utilized on a broad scale on many well-known and high-traffic sites.
It's been many years since we have witnessed an instance of high-profile or high-traffic sites serving malicious advertisements on this scale. Our takeaway is that this isn't the last time we will see this take place, and it could mean that we are in store for many more cases of adware being served through popular ad networks and sites now that cybercrooks have found a new method of adware distribution.