Assessment: Ongoing malicious activity leveraging websockets - to fingerprint a user’s browser and load additional known malicious domains - attached to legit creative scripts. Affected platforms: Sizmek and AOL/AdTech

Additional Details: To date, over 1M ads have been impacted and blocked across Ad Lightning’s partners

Assessment:  Small uptick in redirect activity originating from the Avazu platform targeting iOS users on iPhone and iPad Safari.

Additional Details:  Signature has been identified and blocked across 30+% of  Ad Lightning's clients.

Assessment:  Two additional active threats have been identified and blocked. 

  • Campaign #1:  Two separate creatives have been hijacked by what appears to be a fraudulent Appnexus "reseller", causing redirects across various Publishers.  Campaigns are heavily targeted towards iPad/Safari and are utilizing the images below.
  • Campaign #2:  Three new malicious signatures have been identified that follow similar patterns of obfuscated code attached to legit creative payloads, driving unwanted behaviors for iPhone users.  Originating DSP for this campaign has primarily been identified as AdMixer.

Additional Details:  To date, 1M ads have been impacted across Ad Lightning's partners.

Examples of Hijacked Creatives:

Read More

Assessment:  Emerging redirect campaign detected and blocked.  The ads are loading a malicious cloudfront script that subsequently loads fingerprinting logic to determine if the user is on a mobile device, and will perform a redirect if it's an iPhone.  If not, it's loading the hijacked ad campaign below.

Additional Details:  Campaign has been targeted to US residents only.  Primarily one SSP appears to be impacted.  Originating DSP is PocketMath.

Signature Trend Line

Hijacked Creative

Read More

Assessment:  Currently blocking an increase in malicious activity in the US & UK impacting over 360 domains and 60% of Ad Lightning publishers.  

Additional Details:  Campaign is targeted specifically to mobile, primarily iPhone and at least 3 major SSPs.  As of 6/27 this signature has been blocked across ADL partners almost 1M times.

`` `` ``