Would you like some malware to go with your news, sir?
Forbes thought its malware-spreading woes had ended when it removed the malicious code that was spreading through its Flash-built “Thought of the day” feature. It thought wrong: the site went on to serve malware to visitors through ads placed on the site. Long live ad blockers, I guess.
According to security firm FireEye, the site has been serving malware to its visitors through ads placed by an advertising company, which has had two of its sites corrupted.
Forbes was notified and took action. But before that happened, things were pretty bad.
"The Forbes.com website was serving content from a third-party advertising service that had been manipulated to redirect viewers to the Neutrino and Angler exploit kits. We notified Forbes, who worked quickly to correct the issue," said the security firm FireEye in a statement.
"This type of malicious redirection is known as malvertising, where ad networks and content publishers are abused and leveraged to serve ads that redirect users to malicious sites.
"Malvertising continues to be an attack vector of choice for criminals making use of exploit kits... When these ads are served by mainstream websites, the potential for mass infection increases significantly, leaving users and enterprises at risk."
"The malicious creatives identified were isolated to a single advertiser and immediately suspended," Forbes said on its website.
"Forbes has strict practices in place to protect against these kinds of incursions and will make any necessary changes to be sure such incidents do not occur again."