Celebrity gossip website TMZ, which brings in 30 million readers every month, has become the latest victim of a malvertising campaign. The site now joins the list of big names impacted by the malware-infected ads.
Jérôme Segura, a security researcher at Malwarebytes, published a blog post revealing how the gossip site has been plagued by the exploit.
"The same ad chain pattern from ContextWeb (PulsePoint) to Smarty Ads and eventually various rogue advertisers can be observed," explains Segura. "The latter are leveraging cloud security provider CloudFlare’s infrastructure to hide their server’s real location as well as encrypt the ad delivery."
This is how the malware-infected campaign operates. As soon as readers go to the ad page, the malevolent code will then start scanning their computers for vulnerabilities. Users will then be rerouted to the malicious Angler exploit kit which downloads harmful attacks into their PCs.
It wasn't too long ago when Segura posted another blog claiming that he and his colleagues have unearthed a malvertising campaign which targeted large publishers, such as LifeBuzz, Jerusalem Post, Rotten Tomatoes.
Back then, the team uncovered that most of the advertisers who are benefiting from the campaign "are leveraging the CloudFlare infrastructure to hide their backend server and encrypt their traffic as well." He also added that the cybercriminals are using proxy registration information for the domain.
Today, the most recent post reveals that malicious ads served through the gossip site costs only $0.19 for one thousand user impressions (CPM). As a point of comparison, a malicious ad served through Rotten Tomatoes was only $0.14 per a thousand impressions. This shows how inexpensive malvertising costs are and signifies that this campaign has the great potential to infect a huge number of readers across the globe with the malware.
In the meantime, Segura says that CloudFlare is currently looking into the Malwarebytes' reports. It adds that the firm is still looking forward to a response from ContextWeb.
At any rate, it is always wise to be cautious when clicking on ads on any website, even on trustworthy ones.
