Major US political commentary and entertainment sites have been hit by a new malvertising campaign, related to the Angler Exploit Kit, security researchers have warned earlier this week.
According to Trend Micro's fraud researcher Joseph C Chen, the campaign targeting users in the US has probably affected tens of thousands of users in the first 24 hours of its existence.
Loads of big publishers have been hit, including MSN.com, NYTimes.com, AOL.com or NFL.com, to name a few. Although the 'big players' have all removed the malicious ad, the campaign is still active, Trend Micro's researcher says.
According to the report, an ad network has been compromised to place the malicious ad on high-profile sites.
"The said ad automatically redirects to two malvertising servers, the second of which delivers the Angler Exploit kit,” it says in the report.
“The exploit kit proceeds to download a BEDEP variant, which, in turn drops a malware we will detect as TROJ_AVRECON.”
Trend Micro’s Chen advises users and businesses to keep their apps and systems updated with the latest security patches, to keep safe from these exploits. Angler Exploit Kit is known to exploit vulnerabilities in Adobe Flash and Microsoft Silverlight, Chen stresses.
The Angler Exploit kit has recently been updated to exploit additional vulnerabilities, researchers say, reminding everyone that this one has been, by far, the most popular malware of 2015.