Cisco Systems’ threat research group has detected and deactivated a global malvertising campaign that exposed visitors to legitimate sites to the Neutrino Exploit Kit.
Talos Security Intelligence and Research Group and GoDaddy shut down the malicious server in Russia, which hosted the exploit kit.
Cisco researcher Nick Biasini said that about 1,000 of one million visitors may have been exposed to Neutrino EK, which then tried to transfer the CrypMIC ransomware to their computers.
“GoDaddy quickly responded and was able to mitigate the threat successfully. As of the publishing of this blog the associated malvertising campaign appears to have been successfully shut down and the malicious activity thwarted. Unfortunately, as this is using domain shadowing it’s likely the campaign will only remain dormant for a while, but until then users are protected from this specific threat,” said Biasini.
Biasini emphasized the seriousness of malvertising campaigns, noting that as more content continues to move online, the primary revenue source for web sites is online ads.