Engagelab.com appears to redirect its advertisement & zone ID’s to a domain, which in turn redirects to the Nuclear Exploit Kit, indicating a possible vandalism at this reseller of Google advertisement services. This Nuclear Exploit kit targets vulnerabilities in Adobe Flash, Oracle Java and Microsoft Silverlight software.
|Source: FOX IT|
Fox-IT observed the first redirect on April 7th 2015. The company has detected a significantly large amount of infections and infection attempts from this exploit kit among our customers.
Now the users are facing probably the biggest ad poisoning ever made – all important ad services are affected. It means that users might get infected just by reading their favorite newspaper or by doing search on famous web indexers.
The security company has a suspicion that this malvertising campaign will be of a very large scale. Although, the firm is still is exerting its strength to identify the exact malware variant victims at use in the attacks.
The Fox IT liveblog affirms:
The domains for the exploit kit itself aren’t directly used for redirection; a secondary site is used as an intermediate. The domains and IP’s used for the exploit kit are constantly changing, to mitigate the threat for now we suggest blocking the website between the legitimate websites and the exploit kit.
Fox IT has observed the following domains for the Nuclear Exploit Kit:
Fox IT has advocated an ad blocker, moreover updating Java, Silverlight and Flash to the latest versions to limit damage.
The firm proclaimed that Google has been notified of the issue.