Categories: SecurityWorkspace

Malvertising Campaign Hits Top Dutch Sites

A new malicious advertising campaign has infected millions of users in the Netherlands through one of the country’s most popular online portals.

The campaign began to spread on Sunday and affects at least 288 sites, including Nu.nl, the most-visited Dutch-language news portal, according to IT security specialists Fox-IT.

HSBC

Top sites hit

Web analysis firm SimilarWeb estimates that Nu.nl alone had more than 50 million visitors in March. Other affected sites include eBay-style service Marktplaats.nl and well-known news and culture sites, Fox-IT said.

The company said it initially began noticing a rise in security incidents involving exploit kits, and traced the incidents to malware being spread via an advertising provider used by many well-known sites.

The firm contacted the advertising provider, which has begun blocking the malicious web addresses involved.

While the malicious code is now being filtered, Fox-IT said the malicious sites remain active.

“They will be tracking down the affected content provider as this issue has not been fully resolved,” the company said in an advisory.

Complex attack

The campaign bypassed ad network filters by using Internet addresses that loaded external scripts which in turn further redirected traffic toward exploit kits including one known as Angler, Fox-IT said.

Outbreaks of malicious advertising are a growing problem, as criminals find ever-more-sophisticated ways of evading security checks and spreading malicious code to users via top advertising networks.

Last month visitors to the websites of The New York Times, the BBC, MSN, AOL and other well-known sites were exposed to malicious ads that used the Angler exploit kit to spread a type of ransomware called Teslacrypt.

UK targeted

Security researchers found that the attack built up slowly over time, before becoming more visible when higher-profile publishers were targeted.

“It’s important to note that while these popular sites are involved in the infection process they are, much like infected clients, victim of malvertising,” said Trustwave’s SpiderLabs Research at the time.

Exploit kits such as Angler run on web servers and identify software vulnerabilities in client systems, which can then be exploited to install malicious code of the attacker’s choice on that system.

Previous research from Malwarebytes found that the UK is the world’s third-largest target for malicious ad infections, behind only the US and Canada.

Are you a security pro? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Virgin Media O2 To Invest £700m To ‘Transform’ 4G, 5G Network

Virgin Media O2 confirms it will invest £2m a day for new mobile masts, small…

1 day ago

Tesla Cybertruck Deliveries On Hold Due To Faulty Side Trim

Deliveries of Telsa's 'bulletproof' Cybertruck are reportedly on hold, amid user complaints side trims are…

1 day ago

Apple Plots Live Translation Option For AirPods – Report

New feature reportedly being developed by Apple for iOS 19, that will allow AirPods to…

1 day ago

Binance Token Rises After Trump Stake Report

Binance BNB token rises after WSJ report the Trump family is in talks to secure…

2 days ago

iRobot Admits ‘Substantial Doubt’ Over Continued Operation

After failed Amazon deal, iRobot warns there is “substantial doubt about the Company's ability to…

2 days ago

Meta’s Community Notes To Use X’s Algorithm

Community Notes testing across Facebook, Instagram and Threads to begin next week in US, using…

2 days ago