Google Ad Reseller is initiating Malvertising Campaign

Cybersecurity firm Fox IT has observed a large-scale malvertising campaign originating from all the Google advertisement services resold by Engagelab.com.

Engagelab.com appears to redirect its advertisement and zone IDs to a domain, which in turn redirects to the Nuclear Exploit Kit, indicating a possible compromise at this reseller of Google advertisement services. The Nuclear Exploit Kit targets vulnerabilities in Adobe Flash, Oracle Java and Microsoft Silverlight software.

Source: FOX IT

Fox-IT observed the first redirect on April 7th 2015. The company has detected a significantly large number of infections and infection attempts from this exploit kit among its customers.


Malvertising involves malware concealed inside Internet-based ads, which are usually pop-ups, banners or animated advertisements.

Users are now facing what is probably the biggest ad poisoning ever seen: all important ad services are affected. This means that users might get infected just by reading their favorite newspaper or by searching on a well-known search engine.

The security company suspects that this malvertising campaign will be of a very large scale. The firm is still working to identify the exact malware variant used against victims in the attacks.

The Fox IT liveblog affirms:

The domains for the exploit kit itself aren’t directly used for redirection; a secondary site is used as an intermediate. The domains and IPs used for the exploit kit are constantly changing; to mitigate the threat for now, we suggest blocking the website between the legitimate websites and the exploit kit.

Fox IT has observed the following domains for the Nuclear Exploit Kit:
banking.techpool.org
soaring.betsystemreviews.com
supervision.sactown.us
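
The liveblog's advice to block the intermediate site depends on finding that site in your own traffic. The Python below is an added example, not code from Fox IT or this site: it flags requests to the three domains above in a proxy log and walks the Referer chain back to the host that handed the browser to the exploit kit. The log layout and the .example hostnames are constructed, and it assumes the proxy records a Referer for each request.

```python
from urllib.parse import urlsplit

# Domains this page lists for the Nuclear Exploit Kit.
EK_DOMAINS = {"banking.techpool.org", "soaring.betsystemreviews.com",
              "supervision.sactown.us"}

# Constructed sample proxy log (fields: time client url referer); not real traffic.
SAMPLE_LOG = """\
2015-04-07T10:00:01 10.0.0.5 http://news.example/article http://search.example/
2015-04-07T10:00:02 10.0.0.5 http://ads.example/zone?id=1 http://news.example/article
2015-04-07T10:00:03 10.0.0.5 http://redirector.example/go http://ads.example/zone?id=1
2015-04-07T10:00:04 10.0.0.5 http://Banking.Techpool.org./landing http://redirector.example/go
2015-04-07T10:00:09 10.0.0.7 http://news.example/sports -
"""

def host_of(url):
    """Lower-cased hostname without a trailing dot, or None for '-' or garbage."""
    host = urlsplit(url).hostname
    return host.rstrip(".").lower() if host else None

def is_ek_host(host, ek_domains=EK_DOMAINS):
    """True for a listed domain or any subdomain of it (not a mere suffix match)."""
    return host is not None and any(host == d or host.endswith("." + d) for d in ek_domains)

def find_hits(log_text, ek_domains=EK_DOMAINS):
    """Return one dict per request to an exploit-kit host, with the Referer chain
    walked back per client so the intermediate redirector can be identified."""
    referer_of = {}  # (client, url) -> referer, for requests seen so far
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, client, url, referer = parts
        referer_of[(client, url)] = referer
        if not is_ek_host(host_of(url), ek_domains):
            continue
        chain, cur, seen = [], referer, set()
        while cur != "-" and cur not in seen:  # 'seen' guards against referer loops
            seen.add(cur)
            chain.append(host_of(cur))
            cur = referer_of.get((client, cur), "-")
        hits.append({"time": ts, "client": client, "ek_host": host_of(url),
                     "intermediate": chain[0] if chain else None, "chain": chain})
    return hits

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit)
```

The "intermediate" value is the candidate to block; because the exploit kit domains rotate, the same chain walk can be rerun as the domain set is updated.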

Fox IT has recommended using an ad blocker and updating Java, Silverlight and Flash to the latest versions to limit damage.

The firm said that Google has been notified of the issue.

Ehacking Staff