Maladvertisers targeted L.A. Times sending its thousands of users to Blackhole exploit kit and other malicious sites. Security researcher’s from Blue Coat have discovered a set of malicious domains sending traffic to the searcherstypediscksruns dot com/.net/.org family of Blackhole sites, including adhidclick.com, ortclick.com and several other affiliated sites. These sites were registered During December 2012 as per Bluehost.
The traffic increased with thousands of hits in short time which drew researchers from bluecoat’s attention. When analysed they discovered that the traffic source was L.A.Times , LA Weekly, the Fiscal Times, The Knot Wikia and doubleclick.com.
As per Bluehost blog “All of the sites it relayed traffic to were evil. Besides the exploit kit sites mentioned, there were also a bunch of malicious junk subdomains hosted on a DynDNS host (servehttp.com), a handful of links to what I call “survey hell” sites (basically spam/scam networks that use fake surveys or quizzes as bait), and a couple to a porn-malware site, just for variety. (All of which were flagged in real-time by WebPulse, btw…) “
As per Infosec “All of the victimized host sites are large, popular destinations, but are not likely to be directly compromised, or even directly hosting the malicious ads, Larsen said in a blog post: “Most likely the ads are ending up there as part of the advertising ecosystem. Malvertising is hard to pin down.”
It’s a common practice for maladvertisers to target the larger news media or hijack user accounts of advertisers and spam search engines which is one of the effective way infecting user computers.
