We don’t really hear about it that much, but malvertising can and does target free blogging platforms as well. Just this morning, our friends at Virus Bulletin Martijn Grooten and Adrian Luca wrote about some sites hosted on Google’s Blogspot service pushing tech support scams.
We also caught some malicious activity on the Blogger platform this past week via the PLYmedia ad network. Some Blogspot websites clearly abuse the platform and stuff ads everywhere, leaving little to wonder about what could possibly go wrong?
Adult material
When browsing that Blogspot site, we were automatically redirected to an adult page, which is definitely not good if you have kids around.
Angler Exploit kit
There were also some redirections to the Angler exploit kit via fake advertisers using the fingerprinting technique.
- Ad network: wafra.adk2x.com/ul_cb/imp?p=70368645&size=300×250&ct=html&ap=1300&u=http%3A%2F%2Fzcdnz.blogspot.com%2F2016%2F04%2Ffut-azteca13.html&r=http%3A%2F%2Fzcdnz.blogspot.com%2F2016%2F04%2Ffut-azteca13.html&iss=0&f=1
- Rogue ad server: advertising.servometer.com/pagead/re136646/ad.jsp?click=%2F%2Fwafra.adk2x.com%2{redacted}
- Google Open Referer: bid.g.doubleclick.net/xbbe/creative/click?r1=http%3A%2F%2Fstewelskoensinkeike.loanreview24.com%2FScKOygTMtj_rlf_qIEgRYCq.aspx
- Angler EK landing: stewelskoensinkeike.loanreview24.com/?k=pREU&o=gQ1U2eo&f=&t=MHl&b=O83rsW&g=&n=9rYB42&h=&j=aCYeE9iDym_Ao_T25Uhszm
We have alerted Google about this issue and contacted PLYmedia to let them know about that rogue advertiser.
