
Malvertising Campaign Hits Top Dutch Sites

A new malicious advertising campaign has infected millions of users in the Netherlands through one of the country’s most popular online portals.

The campaign began to spread on Sunday and affects at least 288 sites, including Nu.nl, the most-visited Dutch-language news portal, according to IT security specialists Fox-IT.

Top sites hit

Web analysis firm SimilarWeb estimates that Nu.nl alone had more than 50 million visitors in March. Other affected sites include eBay-style service Marktplaats.nl and well-known news and culture sites, Fox-IT said.

The company said it initially began noticing a rise in security incidents involving exploit kits, and traced the incidents to malware being spread via an advertising provider used by many well-known sites.

The firm contacted the advertising provider, which has begun blocking the malicious web addresses involved.

While the malicious code is now being filtered, Fox-IT said the malicious sites remain active.

“They will be tracking down the affected content provider as this issue has not been fully resolved,” the company said in an advisory.

Complex attack

The campaign bypassed ad network filters by using Internet addresses that loaded external scripts, which in turn redirected traffic toward exploit kits, including one known as Angler, Fox-IT said.

Outbreaks of malicious advertising are a growing problem, as criminals find ever-more-sophisticated ways of evading security checks and spreading malicious code to users via top advertising networks.

Last month visitors to the websites of The New York Times, the BBC, MSN, AOL and other well-known sites were exposed to malicious ads that used the Angler exploit kit to spread a type of ransomware called Teslacrypt.

UK targeted

Security researchers found that the attack built up slowly over time, before becoming more visible when higher-profile publishers were targeted.

“It’s important to note that while these popular sites are involved in the infection process they are, much like infected clients, victims of malvertising,” said Trustwave’s SpiderLabs Research at the time.

Exploit kits such as Angler run on web servers and identify software vulnerabilities in client systems, which can then be exploited to install malicious code of the attacker’s choice on that system.

Previous research from Malwarebytes found that the UK is the world’s third-largest target for malicious ad infections, behind only the US and Canada.


Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDNet and other leading publications.
