Celeb goss and dross site TMZ has been serving the world's worst exploit kit to its 30 million monthly visitors after malvertising scum compromised its advertising chain.
Readers of the site can be automatically redirected to malicious pages that serve the brutal Angler exploit kit which loads malware capable of all manner of data theft and ransomware including the horrid Cryptowall.
The attacks are the latest in a campaign that has targeted major websites including Rotten Tomatoes, Makeuseof, and the Jerusalem Post.
Malwarebytes researcher Jerome Segura says the attackers gained access through ad platform ContextWeb and Smartyads, using CloudFlare to hide infrastructure.
"The malicious ad only cost $0.19 for one thousand user impressions, highlighting how cheap and effective malvertising can be," Segura says.
"While we did not collect the payload in this case, it is quite likely to be one of the many different strains of ransomware."
According to Segura, CloudFlare is investigating the use of its network by malvertisers – but he added that the ad networks have kept mum.
|Feature: Malware menaces poison ads as Google, Yahoo! look away|
The attackers use fake identities to fool the ad networks and benign-looking sites to cloak the attacks and backend infrastructure.
Boring ads are shown to ad-men conducting checks on those seemingly benign redirection sites. Only readers of compromised sites like TMZ or Rotten Tomatoes bear the referrer ticket that will trigger the attack.
The campaign has compromised some of the world's most popular sites. The top 10 most visited of those compromised sites all attract between 4.4 million and 39.1 million visitors a month, making it one of the more effective malvertising operations of late. ®