Large-scale Google malvertising campaign hits users with exploits
A large number of ads distributed by a Google advertising partner redirected users to Web-based exploits that attempted to install malware on users’ computers.
Security researchers from Dutch security firm Fox-IT observed the malvertising campaign Tuesday, when ads coming through a Google partner in Bulgaria called Engage Lab started redirecting users to the Nuclear Exploit Kit.
Exploit kits are Web-based attack platforms that try to exploit vulnerabilities in browsers and browser plug-ins in order to infect users’ computers with malware. The Nuclear Exploit Kit specifically targets vulnerabilities in Adobe Flash Player, Oracle Java and Microsoft Silverlight.