Malware & Threats

Forbes Hit by Malvertising Campaign: FireEye

Visitors might have had their computers infected with malware earlier this month as a result of a malvertising campaign launched through a third-party advertising service, FireEye reported on Tuesday.

According to the security firm, users who accessed certain articles on the site between September 8 and September 15 might have been taken to a landing page for the Neutrino and Angler exploit kits.

These landing pages were set up to exploit vulnerabilities in popular software, such as Flash Player and Internet Explorer, in order to push malware onto victims’ devices.

The attackers abused the services of an advertising network and relied on real-time bidding to ensure that their malicious ads would be displayed. Forbes took steps to address the issue after being notified by FireEye, but visitors had been exposed to malicious advertisements for an entire week.

The fact that both Angler and Neutrino were used in the same attack is not unheard of. The SANS Institute’s Internet Storm Center reported last month that cybercriminals had temporarily switched from using Angler to Neutrino.

Angler is currently considered the best exploit kit since its developers are highly skilled when it comes to adding support for recently patched and even zero-day vulnerabilities. However, cybercriminals seem to be experimenting with other exploit kits as well.

“Malvertising continues to be an attack vector of choice for criminals making use of exploit kits. By abusing ad platforms – particularly ad platforms that enable Real Time Bidding – attackers can selectively target where the malicious content gets displayed,” FireEye said. “When these ads are served by mainstream websites, the potential for mass infection increases significantly, leaving users and enterprises at risk.”


This wasn’t the first time Forbes was hit by a malvertising attack. The business magazine’s website was also targeted by sophisticated threat actors who abused it in a cyber espionage campaign aimed at U.S. defense contractors, financial services firms and Chinese dissident groups.

Last week, Malwarebytes reported spotting a major malvertising campaign that went almost undetected for three weeks. The attackers had tricked major advertising networks into accepting their ads by posing as legitimate companies. The attack affected high-traffic websites such as eBay, Drudge Report, eHow Espanol, TalkTalk, News Now, and Manta.

Malwarebytes revealed on Tuesday that the same attackers had also managed to push their malicious ads on a real estate website with 28 million monthly visits.

“Rogue advertisers are putting a lot of efforts into making ad banners that look legitimate and actually promote real products or services,” Malwarebytes said. “We should also note that the use of SSL to encrypt web traffic is getting more and more common in the fraudulent ad business and that only makes tracking bad actors more difficult.”

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
