Security firm Fox-IT reported in a blog post a massive attack on the most popular websites in the Netherlands. According to the firm, at least 288 websites were spreading malware through malicious advertisements, infecting millions of users. The attack was spotted on Sunday, April 10.
Hackers were using the Angler exploit kit to deploy CryptoWall 4.0 ransomware.
Popular websites affected by the attack:
- nu.nl
- marktplaats.nl
- sbs6.nl
- rtlnieuws.nl
- rtlz.nl
- startpagina.nl
- buienradar.nl
- kieskeurig.nl
- veronicamagazine.nl
- iculture.nl
- panorama.nl
The following two domains have been observed to redirect the users from the affected websites towards the exploit kits. Blocking these two domains will aid in stopping the redirects for now:
- traffic-systems.biz (188.138.69.136)
- medtronic.pw (188.138.68.191)
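
Beyond blocking, the same two domains and addresses can be used to look back through web proxy logs and see which clients were redirected and which site they came from. The following is an added example, not code from Fox-IT or the original post; the log layout (time, client, URL, referer), the sample lines, and the subdomain and paths in them are constructed assumptions.

```python
from urllib.parse import urlsplit

# Indicators taken from the article above.
REDIRECT_DOMAINS = {"traffic-systems.biz", "medtronic.pw"}
REDIRECT_IPS = {"188.138.69.136", "188.138.68.191"}


def matches_indicator(host):
    """True if host is a listed IP, a listed domain, or a subdomain of one."""
    host = host.lower().rstrip(".")  # normalise case and trailing root dot
    if host in REDIRECT_IPS:
        return True
    # Match on a label boundary so "notmedtronic.pw" is not a false positive.
    return any(host == d or host.endswith("." + d) for d in REDIRECT_DOMAINS)


def find_redirect_hits(log_lines):
    """Return (client, requested host, referring host) for every hit."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # skip truncated or malformed lines
        _time, client, url, referer = fields[:4]
        host = urlsplit(url).hostname or ""
        if matches_indicator(host):
            # The referer shows which site delivered the redirecting ad.
            ref_host = urlsplit(referer).hostname or "-"
            hits.append((client, host, ref_host))
    return hits


# Constructed sample log (assumed layout: time client url referer).
SAMPLE_LOG = [
    "09:12:01 10.0.0.15 http://www.nu.nl/ -",
    "09:12:03 10.0.0.15 http://ads.traffic-systems.biz/x http://www.nu.nl/",
    "09:13:44 10.0.0.22 http://188.138.68.191/y http://www.buienradar.nl/",
    "09:14:02 10.0.0.31 http://notmedtronic.pw/ -",
    "truncated line",
]

if __name__ == "__main__":
    for client, host, ref in find_redirect_hits(SAMPLE_LOG):
        print(f"{client} contacted {host} (referred by {ref})")
```

Clients that appear in the output were sent to a redirect domain and are candidates for a closer check for CryptoWall infection.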