Hackers behind the recent malicious advertising attack on the Yahoo ad network are reported to be attacking more websites.
They are reportedly targeting AdSpirit, and infecting Drudge Report, Weather Underground, NetZero and other websites with malicious advertisements.
Malwarebytes Labs security researcher Jerome Segura said this is a similar malvertising campaign that has been carried out for weeks; it’s only moved to a new ad network used by many top publishers.
Hackers are loading the malvertising through AdSpirit.de, redirecting to an Azure website.
The HTTPS encryption used in both URLs is not allowing users to identify the malicious traffic at the network layer.
The malicious ad has now been taken down, but the damage is expected to be vast due the number of monthly visits to the sites.
The monthly visitors of drudgereport.com are 61.8 million; wunderground.com and findagrave.com have 49.9 million and 6 million users respectively. Yahoo has an estimated 6.9 billion views per month across its network.
Segura said: "Malvertising is a silent killer because malicious ads do not require any type of user interaction in order to execute their payload. The mere fact of browsing to a website that has adverts (and most sites, if not all, do) is enough to start the infection chain.
"The complexity of the online advertising economy makes it easy for malicious actors to abuse the system and get away with it. It is one of the reasons why we need to work very closely with different industry partners to detect suspicious patterns and react very quickly to halt rogue campaigns."
