TMZ, Rotten Tomatoes Hit By Malicious Advertising
Visitors to celebrity gossip site TMZ are the latest targets of a malicious advertising campaign. According to security researcher Jerome Segura, the same campaign targeted visitors of the film review aggregator Rotten Tomatoes and the website of the Jerusalem Post last month. The TMZ site is the largest to be hit by the attack so far: according to SimilarWeb, it received 32.7 million visitors last month.
The malicious advertisements in this campaign are redirecting users to the Angler Exploit Kit. Such exploit kits are designed to exploit security vulnerabilities in order to infect users with malware. These weaknesses can include outdated internet browsers, missing critical updates to the operating system, or known vulnerabilities in popular programs like Flash or Microsoft Word. If the exploit kit discovers one of these security holes, it delivers the corresponding malware to the user’s computer.
Online advertising networks have become a common infection vector for mass-scale malware campaigns, particularly those involving ransomware. The practice, referred to as malvertising, involves disguising malicious content as online advertising links and distributing it through popular advertising networks. As Segura points out, in this case “The malicious ad only cost $0.19 for one thousand user impressions (CPM), highlighting how cheap and effective malvertising can be.”
When a user clicks on one of these ads on a seemingly trustworthy site, they are redirected to malicious content. In the past year, malvertising attacks have affected several prominent websites including Microsoft’s MSN web portal, Yahoo, and AOL. In addition to having an up-to-date antivirus program, users can also protect themselves by using an ad-blocker.