Domains tainted by RoughTed malvertising reap half a billion hits

Some of which comes from Alexa top 500 websites

Reg comments Got Tips?

A strain of adblocker-aware malvertising is responsible for a range of scams, exploits and general skulduggery.

RoughTed can deliver a variety of payloads including exploit kits and malware. Hackers are leveraging fingerprinting and adblocker-bypassing techniques in a bid to ensure that marks are served content from RoughTed-tainted domains. The various nuisances pushed by the campaign also include adware for Macs, rogue Chrome extensions, tech support scams and surveys.

Traffic comes from thousands of publishers, some ranked in Alexa's top 500 websites. Contaminated domains accumulated over half a billion visits in the past three months alone, according to security firm Malwarebytes.

The threat actors behind RoughTed have been leveraging the Amazon cloud infrastructure, in particular its Content Delivery Network (CDN), while also blending in the noise with multiple ad redirections from several ad exchanges, making it more difficult to identify the source of their malvertising activity.

RoughTed is a large malvertising operation that peaked in March 2017 but began over a year ago and remains at large. It's unusual in that it targets a wide array of users according to their operating system, browser and geolocation before delivering the appropriate payload.

Malwarebytes came across RoughTed while studying the Magnitude exploit kit, as explained in a blog post here. ®


Keep Reading

EU tries to get serious on cybercrime with first sanctions against Wannacry, NotPetya, CloudHopper crews

Russian, Chinese, Nork groups named in bank asset freeze

Amazon makes 850,000m2 bet that its people will get off the kitchen table and back to an office

Cloud and e-commerce boom mean it needs more desks and people that originally planned

Russian super-crook behind $20m internet fraud den Cardplanet and malware-exchange forum pleads guilty

Now 29-year-old faces years in the clink after long battle to bring him to justice

Amazon gets green-light to blow $10bn on 3,000+ internet satellites. All so Americans can shop more on Amazon

Jeff knows you've gotta spend money to make money

CSI: coming soon to a screen near you

'Counterfeit Stuff Investigation' team staffed by former federal prosecutors to go after dodgy merchants and makers

Yes, there's lots of COVID-19-themed scuminess around – but otherwise the level of cybercrime is the same

A shift in badness doesn't mean more badness overall, says Secureworks

Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID

Claims consent was neither informed, nor specific, nor free – but Google says it cannot identify a user from the ID

Google, Amazon pass on UK Digital Services Tax by hiking ad prices, fees at same rate the government takes

Which means you get to pay, because cost of ads, sellers' fee hikes are built into prices, so once the tech titans charge more ... you get the drift

Biting the hand that feeds IT © 1998–2020