The Netherlands has been hit by a massive malvertising attack, which began affecting websites on 10 April. The new malicious advertising campaign has reportedly affected millions of users via a host of the country's most popular websites.
Security specialist Fox-IT was the first to report the malvertising attack. The security firm noted that around 288 Dutch websites were affected, which included Nu.nl, the most-visited Dutch language news online portal. A compromised advertising is believed to be responsible for the malicious ads campaign, which aimed to infect users' computers and phones with malware.
The websites affected were found to contain malware from malware exploit kits, chief among them being the notorious Angler exploit kit. In March, popular news portals like the BBC and The New York Times were affected by malicious ads spread via the Angler exploit kit, which infected the website's visitors with a ransomware called Teslacrypt.
Teslacrypt is one of the Angler exploit kit's specific ransomware, designed to infect the user's computer with a ransomware that essentially holds the user's data hostage via encryption. After a victim's files have been encrypted the victim receives a ransom note with instructions on how to go about recovering their files.
The Angler exploit kit is essentially a toolkit designed by malicious cyber criminals, who market it to Adobe Flash, Microsoft Silverlight and other such popular software programs. The malware is designed to locate and identify vulnerabilities in visitors' computers and infect the system such that, it leaves the device vulnerable to future exploitations like installing ransomware.
Fox-IT reportedly alerted the affected ad provider, who was quick to respond and remove the malvertising targeting other websites. However, although the malicious codes being served up via the ad provider are now being filtered, they are yet to be completely taken offline.