The research team of Trusteer recently investigated malvertising campaigns from several of the leading online advertising networks that distribute Blackhole Exploit kits that utilize this vulnerability to compromise user endpoints.
The research team of Trusteer found that Blackhole Exploit kits were being distributed via the Clicksor Ad Network and others. About 9% of the exploits originated from Clicksor, but at least ten other ad networks were hosting similar malvertising campaigns, including: linkbucks.com, Hooqy Media Advertiser, traff.co, bannersbroker.com, adf.ly, paypopup.com, smsafiliados.com and exoclick.co.
Using these ad networks, the malvertising platform allows hackers to reach a very wide audience, while allowing the hacker to distribute the malware at a very low cost.
When an unpatched browser is used to access a site that displays malicious ads, the user could be automatically compromised with malware, without the user even opening the ad, Trusteer.com found.