Visitors to the MSN homepage have been targeted with malicious advertising. According to security researcher Jerome Segura, the malvertising was delivered to users through the AdSpirit advertising network, one of MSN’s advertising partners. Users who clicked on the banner advertisements were re-directed to the RIG and Neutrino exploit kits. An exploit kit is a malicious program used to determine a computer’s vulnerabilities. It then exploits these vulnerabilities by serving a corresponding computer virus. According to Segura, “While we did not collect the payload in these specific attacks, other similar captures of RIG during the same time frame show that CryptoWall ransomware was downloaded onto vulnerable machines.” Ransomware is a type of computer virus that prevents affected users from accessing their files and demands ransom for users to regain access.

This malware campaign seems primarily targeted at German users, as some of the offending advertisements promoted one of Germany’s leading supermarkets. This is not the first time MSN or AdSpirit has served its users malicious advertising. As this is not the first case of a prominent website infecting users through banner advertisements, it may serve as an argument for the use of in-browser ad blockers. As Graham Cluley summarizes: “The likes of Forbes and Yahoo Mail are reportedly trying to block access to users who are running ad blockers. But it's an argument that is losing ground as more and more internet users find their computers are compromised by malvertising.”

The researchers notified the advertising network AdSpirit about the malware campaign and the offending advertisements were removed. According to SimilarWeb, the MSN homepage was visited over a billion times last month. Alexa ranks it as the 22nd most popular website in the world.