Ack! I’ve been poisoned
A rogue advertiser abused the Taggify self-serve ad platform to inject malware-installing code into browsers visiting the websites of two US TV stations.
The ads were then served via the Taggify network to web surfers who visited domain registrar GoDaddy and CBS-affiliated TV stations WBTV in Charlotte, North Carolina, and KMOV in St Louis.
This behavior is designed to make the attack more difficult to detect.
In this case, the web domain name used by the malvertisers was parked, meaning its name was registered but it was serving no relevant content, while one of its subdomains hosted the ads.
A GoDaddy DNS account was hijacked to set up this arrangement.
Malwarebytes is due to publish more details on the malvertising scam, unravelled by crack security researcher Jerome Segura, on its blog today. ®