Image

Image

"The fake ad server infrastructure grew during the past few months and our honeypots caught 3 sequential IP addresses that host over a hundred rogue ad domains. All of these domains have been registered with the intention of looking like advertising platforms. While some domains were used for long periods of time, most switched every day or so to let a new one in."All fake ads that come with that malicious script redirect to one location: a landing page for the RIG exploit kit. For this campaign, the malicious software package comes with the ability to exploit a vulnerability in Adobe Flash Player. That particular exploit code is protected by SWFLOCK, online technology which provides code obfuscation and encryption for Flash files.
Image

"The HookAds malvertising campaign is still running at the time of writing this post, with new rogue ad domains getting registered each day. We are blocking the malicious IP range to protect our customers and Malwarebytes Anti-Exploit users are also shielded against the RIG exploit kit."Users can protect themselves by making sure RIG finds no open security holes on their systems. That means they should implement all software updates as soon as they become available and maintain an up-to-date anti-virus solution on their computers.