Contributor: John Harrison
Symantec has been tracking a large malvertising campaign for over 5 months now. The campaign is still active and uses Dynamic Domain Name System (DDNS) to prevent itself from being tracked.
The campaign spread rapidly and compromised popular domains and adult websites. High profile domains with an Alexa ranking of 5,000 or under have also been compromised. Some compromised websites were cleaned after notice from Symantec products alerted users when the sites were visited. However, many of the domains remain compromised.
The interesting thing about infections delivered through malvertising is that it does not require any user action (like clicking) to compromise the system and it does not exploit any vulnerabilities on the website or the server it is hosted from. Infections delivered through malvertising silently travel through Web page advertisements served by...