Malvertising campaign targeted the Forbes Website, million users at risks

Security researchers at FireEye have uncovered a new malvertising campaign that exploited the popular news website.

Security experts at FireEye have uncovered a new malvertising campaign that exploited the popular news website. The malvertising campaign was discovered earlier this month, according to the analysis published by FireEye, the attackers exploited the website to redirect visitors to pages hosting the malicious Neutrino and Angler exploit kits.

“From Sept. 8 to Sept. 15, 2015, the website was serving content from a third-party advertising service that had been manipulated to redirect viewers to the Neutrino and Angler exploit kits.  We notified Forbes, who worked quickly to correct the issue.” states the blog post published by FireEye

The researchers discovered that the malvertising campaign exploited a third-party advertising service, the redirections were triggered on a limited number of old articles.

When the article on was loaded, the third-party advertising service is invoked and a JS file containing an iframe is loaded. That iFrame is used to do the dirty job, it redirects the user to the selected exploit kit.


FireEye reported that the Neutrino kit was the primary choice for the attackers behind the malvertising campaign, but threat actors also discovered the use of the Angler exploit kit is becoming quite common.


“By abusing ad platforms – particularly ad platforms that enable Real Time Bidding, which we’ve covered before here” states FireEye “attackers can selectively target where the malicious content gets displayed.” “When these ads are served by mainstream websites, the potential for mass infection increases significantly, leaving users and enterprises at risk.”

Recently, numerous other malvertising campaigns were spotted by security firms, researchers at Malwarebytes recently discovered a campaign relying on the Angler exploit kit that targeted a number of high-profile websites, including eBay UK and

It is quite easy for crooks to exploit on-demand ad platforms that can give them access to a significant volume of traffic on the larger websites.

Malvertising campaigns are usually used by criminal organizations to serve ransomware or other malware such as banking trojan and other ad fraud malicious code.

According to the experts the gang behind the recent malvertising campaigns leveraged a number of large ad networks, including AppNexus, DoubleClick and ExoClick.

Pierluigi Paganini

September 24, 2015

cyber defense awardsWe are in our 11th year, and Global InfoSec Awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.
Cyber Defense Awards

12th Anniversary Global InfoSec Awards for 2024 are now Open! Take advantage of co-marketing packages and enter today!