Malvertising campaign targeted the Forbes Website, million users at risks

Security researchers at FireEye have uncovered a new malvertising campaign that exploited the popular news website.

Security experts at FireEye have uncovered a new malvertising campaign that exploited the popular news website. The malvertising campaign was discovered earlier this month, according to the analysis published by FireEye, the attackers exploited the website to redirect visitors to pages hosting the malicious Neutrino and Angler exploit kits.

“From Sept. 8 to Sept. 15, 2015, the website was serving content from a third-party advertising service that had been manipulated to redirect viewers to the Neutrino and Angler exploit kits.  We notified Forbes, who worked quickly to correct the issue.” states the blog post published by FireEye

The researchers discovered that the malvertising campaign exploited a third-party advertising service, the redirections were triggered on a limited number of old articles.

When the article on was loaded, the third-party advertising service is invoked and a JS file containing an iframe is loaded. That iFrame is used to do the dirty job, it redirects the user to the selected exploit kit.


FireEye reported that the Neutrino kit was the primary choice for the attackers behind the malvertising campaign, but threat actors also discovered the use of the Angler exploit kit is becoming quite common.


“By abusing ad platforms – particularly ad platforms that enable Real Time Bidding, which we’ve covered before here” states FireEye “attackers can selectively target where the malicious content gets displayed.” “When these ads are served by mainstream websites, the potential for mass infection increases significantly, leaving users and enterprises at risk.”

Recently, numerous other malvertising campaigns were spotted by security firms, researchers at Malwarebytes recently discovered a campaign relying on the Angler exploit kit that targeted a number of high-profile websites, including eBay UK and

It is quite easy for crooks to exploit on-demand ad platforms that can give them access to a significant volume of traffic on the larger websites.

Malvertising campaigns are usually used by criminal organizations to serve ransomware or other malware such as banking trojan and other ad fraud malicious code.

According to the experts the gang behind the recent malvertising campaigns leveraged a number of large ad networks, including AppNexus, DoubleClick and ExoClick.

Pierluigi Paganini

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.


10th Anniversary Exclusive Top 100 CISO Conference & Innovators Showcase