Malicious advertising attacks (malvertising) have been plaguing mainstream sites and their visitors a lot these past few years.
While some are easy to spot and get rid of, others tend to be much more sophisticated and hard to shine light on.
On Saturday 11th, we discovered a malicious advert that was displayed on huffingtonpost.com as well as other popular sites, such a Zillow.com. This advert was used to deliver the Cryptowall ransomware via a Flash exploit.
The ad was loaded by a third-party advertiser (servedbyadbutler.com) initially called by delivery.first-impression, where it won the real-time bidding auction for $2.31 CPM (cost per thousand impressions).