Malicious advertising attacks (malvertising) have been plaguing mainstream sites and their visitors a lot these past few years. While some are easy to spot and get rid of, others tend to be much more sophisticated and hard to shine light on. This past Saturday, we discovered a malicious advert that was displayed on huffingtonpost.com and that was used to deliver the Cryptowall ransomware via a Flash exploit.
During our malware investigations, we are often learning about new techniques or ways the bad guys try to bypass us. But sometimes, we also experience cultural differences or discover some new things about people or countries. Today is such as case, with a bit of a geography lesson brought to us by the RIG exploit kit which takes us to Croatia.
A .gov site for a region of the Philippines has been compromised with a number of different hacks. Anti-ISIS sentiment and a separate phishing attack have both been found on a URL which has seen better days.