The SSL malvertising campaign we documented in August that affected Yahoo.com, MSN.com and several other top sites is still ongoing. This time around it is striking adult portals, including top domain xHamster.com, which has close to half a billion monthly visits.

What allows us to differentiate it from other malvertising attacks is a set of similar patterns in the infrastructure, such as the use of free cloud-based platforms providing Secure Sockets Layer (SSL).

We have observed the Microsoft Azure and RedHat cloud platforms and are now seeing IBM's Bluemix being leveraged by threat actors who enjoy the free HTTPS encryption that it provides them in the delivery of malicious code.