AOL has claimed that it has been able to stop malicious advertisements being served by its advertising platforms.
After malicious ads redirected users to malware-ridden websites, an AOL.com spokesman told PC Advisor that it has taken the necessary steps to fix the problem. “AOL is committed to bringing new levels of transparency to the advertising process, ensuring ads uphold quality standards and create positive consumer experiences,” said spokesperson said.
The malicious ads shown by AOL redirected users to a web page that hosted an exploit kit, according to Cyphort. It found that the exploit kit served up an exploit for Adobe Systems’ Flash program.
Before landing on the attack site, users were passed through a number of other websites, some of which used HTTPS in order to hide the servers used for the attack. Cyphort wrote that one of the HTTPS redirectors that was used was hosted on a Google App Engine page, which made analysis of the redirect harder.
Cyphort’s Nick Bilogorskiy said that he suspects the exploit kit used was NeutrinoEK, but said he also saw similarity between thise and the Sweet Orange kit.
“The purpose of this attack is to install a malicious binary – a new variant of a Trojan, from the Kovter family,” he said.
“The malware was downloaded from indus.qgettingrinchwithebooks.babia-gora.pl:8080, it was an unencrypted binary. After execution it connects to a16-kite.pw for [command and control]. It executes through injecting its payload to a spawned svchost.exe process.”