According to IT News, a long-running malvertising campaign – known as AdGholas – infected thousands of computers each day. This resulted in between 1 million and 5 million page hits from malicious advertisements in over 100 ad exchanges. It is estimated that AdGholas' current configuration has been running since the summer of 2015, but evidence suggests that a separate configuration may have been running since 2013. Once the network of OS was infected, the web-based attacker attempted to exploit vulnerabilities in popular applications and install malware.
Why Did It Last So Long?
“Our analysis with colleagues from Trend Micro found that AdGholas campaigns do not all work the same way, but all do have the same multi-layered filtering and obfuscation. For instance, the redirect tag is being sent in several ways. We saw the xhr-sid sent as response header to a POST to GIF, but it is sometimes hidden at the end of an “addStats” hash in the initial landing”
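As an added example (not from the original article or the researchers quoted), here is a hunt over web-proxy logs for the one pattern the quote names: a POST to a GIF URL answered with an xhr-sid response header. The JSON-lines log layout, the field names and the sample records are assumptions constructed for illustration.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample proxy records (JSON lines); hosts, clients and values are made up.
SAMPLE_LOG = """\
{"ts":"2016-07-01T10:00:01Z","client":"10.0.0.5","method":"GET","url":"http://ads.example.test/banner.gif","resp_headers":{"Content-Type":"image/gif"}}
{"ts":"2016-07-01T10:00:02Z","client":"10.0.0.5","method":"POST","url":"http://ads.example.test/px/track.gif?c=1","resp_headers":{"Content-Type":"image/gif","XHR-SID":"constructed-value"}}
{"ts":"2016-07-01T10:00:03Z","client":"10.0.0.9","method":"POST","url":"http://cdn.example.test/api/submit","resp_headers":{"xhr-sid":"constructed-value"}}
not-json garbage line
{"ts":"2016-07-01T10:00:04Z","client":"10.0.0.7","method":"post","url":"http://ads.example.test/i/p.GIF","resp_headers":{"xhr-sid":"constructed-value-2"}}
"""

def is_suspect(record):
    """True for a POST to a .gif path whose response carries an xhr-sid header."""
    if str(record.get("method", "")).upper() != "POST":
        return False
    # Match on the URL path only, so query strings do not hide the extension.
    path = urlsplit(str(record.get("url", ""))).path
    if not path.lower().endswith(".gif"):
        return False
    headers = record.get("resp_headers") or {}
    # HTTP header names are case-insensitive.
    return any(str(name).lower() == "xhr-sid" for name in headers)

def hunt(log_text):
    """Return {host: [(timestamp, client), ...]} for matching records."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the hunt
        if isinstance(record, dict) and is_suspect(record):
            host = urlsplit(str(record["url"])).hostname
            hits[host].append((record.get("ts"), record.get("client")))
    return dict(hits)

if __name__ == "__main__":
    for host, events in hunt(SAMPLE_LOG).items():
        print(host, events)
```

Because the quote says the campaigns "do not all work the same way", a match is a lead to review rather than a verdict, and no match does not rule the activity out.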