Malvertising Campaign Infected Thousands of Users Per Day For More Than a Year

An anonymous reader writes from a report via Softpedia: Since the summer of 2015, users that surfed 113 major, legitimate websites were subjected to one of the most advanced malvertising campaigns ever discovered, with signs that this might have actually been happening since 2013. Infecting a whopping 22 advertising platforms, the criminal gang behind this campaign used complicated traffic filtering systems to select users ripe for infection, usually with banking trojans. The campaign constantly pulled between 1 and 5 million users per day, infecting thousands, and netting the crooks millions each month. The malicious ads, according to this list, were shown on sites like The New York Times, Le Figaro, The Verge, PCMag, IBTimes, Ars Technica, Daily Mail, Telegraaf, La Gazetta dello Sport, CBS Sports, Top Gear, Urban Dictionary, Playboy, Answers.com, Sky.com, and more.

Re:The answer to malvertising

[WorBlux]

Control = responsibility. The ultimate decision weather to serve an advert or not, lies with the domain controller., and thus the ultimate responsibility. Make the primary site liable to malware served through it. In effect this will force ad networks to offer indemnification policies on their ads, and the pointy hair types will finally see a reason to properly screen and sandbox advertisements.