During the past few days we have witnessed an increase in the number of malvertising incidents involving the Magnitude exploit kit. The last time we blogged about this was in mid November 2015 and we attributed the event to the fact that Magnitude EK had just integrated a newer Flash exploit (CVE-2015-7645). We fast-forward a few months and see that things haven’t changed one bit:
Same ad network (Propeller Ads Media)
Newer Flash exploit (CVE-2015-8651)
CryptoWall
We see the use of “redirectors” which obfuscate the URL to Magnitude:
Leave a reply