Do You Know What Malvertising Is?
We’ve all become accustomed to seeing ads on websites. Some sites are slowed down as ads continually load on the sides. This is most evident on sites our kids frequent and frequently complain about, like Cool Math Games. The continual loading of new ads causes the all-too-frequent “Dad, the website’s frozen again!!!”
Most Internet users are aware that ads fit into two main categories. The first comes from our own Internet history. Did you just look up swimming suits? Well, now you’re being served ads for places selling swimwear. The second is ads being pushed so hard you feel like you’re seeing them everywhere, sometimes twice on the same page, such as the Prominence Health Plan ad being served twice, right next to each other, on the Cool Math Games pages. We get it, you want to sell health insurance, but these ads are beyond annoying.
There is also a third kind of ad that is taking on a life of its own, and its effects are far worse than causing irritation. Malvertising could be infecting a site you regularly visit.
In the last two weeks, multiple sites have been found to be serving malvertising ads, which cause malware infections on the user’s computer. The specific infection being seen belongs to the Kovter Trojan executable family. Once installed, it connects to a Command-and-Control server, after which the computer can be exploited in any number of ways.
The most recent infected ads have been served via the AOL Ad-Network, advertising.com. Below is a list of sites known to have served the malvertising:
- huffingtonpost.ca
- huffingtonpost.com
- mandatory.com
- laweekly.com
- gooddrama.net
- fhm.com
- thewmurchannel.com
- buzzlie.com
- mojosavings.com
- houstonpress.com
- soapcentral.com
- theindychannel.com
- gamezone.com
- weatherbug.com
After clicking on the infected ad, the user is redirected through multiple sites, finally ending up on Polish websites (domain country code .pl). From Cyphort, here is the breakdown of the redirection chain from huffingtonpost.com.
You also might occasionally see an ad that isn’t being served, see below. This tends to slow the website even further as the ad attempts to load or errors out. This is also sometimes a result of virus protection blocking a particular ad it knows contains something malicious.
Typically, if you’re in need of a certain service, we recommend avoiding clicking on those flashy ads. Rather, do your own search and avoid whatever might infect your computer when you thought you were just getting an insurance quote.
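For anyone who reviews web proxy logs, the redirect pattern described above (a request to the advertising.com ad network, several intermediate sites, then a landing page on a .pl domain) can be looked for by walking Referer headers backwards. This is an added example, not code from this post or from Cyphort; the log format, every hostname other than advertising.com, and the two-hop threshold are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed proxy log: client IP, requested URL, Referer ("-" if none).
# All hostnames except advertising.com are made up for this example.
SAMPLE_LOG = """\
10.0.0.5 http://news.example/ -
10.0.0.5 http://ads.advertising.com/slot?id=1 http://news.example/
10.0.0.5 http://hop1.example/r http://ads.advertising.com/slot?id=1
10.0.0.5 http://hop2.example/r http://hop1.example/r
10.0.0.5 http://constructed-landing.pl/x http://hop2.example/r
10.0.0.9 http://constructed-shop.pl/ -
10.0.0.9 http://ads.advertising.com/slot?id=2 http://blog.example/
"""

def host(url):
    return (urlsplit(url).hostname or "").lower()

def referer_chain(url, parent):
    """Follow Referer links backwards from url; return hosts, oldest first."""
    chain, seen = [], set()
    while url and url not in seen:      # 'seen' guards against referer loops
        seen.add(url)
        chain.append(host(url))
        url = parent.get(url)
    return chain[::-1]

def suspicious_chains(log_text, ad_domain="advertising.com", tld=".pl", min_hops=2):
    """Return (client, host chain) for requests to a `tld` host that were
    reached from `ad_domain` through at least `min_hops` intermediate hosts."""
    parents, requests = {}, []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue                    # skip malformed lines
        client, url, ref = parts
        parents.setdefault(client, {})[url] = None if ref == "-" else ref
        requests.append((client, url))
    hits = []
    for client, url in requests:
        if not host(url).endswith(tld):
            continue
        chain = referer_chain(url, parents[client])
        ad_at = [i for i, h in enumerate(chain)
                 if h == ad_domain or h.endswith("." + ad_domain)]
        # hosts strictly between the ad-network request and the landing page
        if ad_at and len(chain) - ad_at[0] - 2 >= min_hops:
            hits.append((client, chain))
    return hits

if __name__ == "__main__":
    for client, chain in suspicious_chains(SAMPLE_LOG):
        print(client, " -> ".join(chain))
```

Referer headers can be stripped by browsers or sites, so a session with no matching chain is not proof that nothing was served.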