Huffington Post, a wildly popular news site, was serving up ads to visitors via AOL's advertising.com website. If you're not using an adblocker with your web browser, you're playing with fire. Plain and simple.
Here is the summary of the events:
- huffingtonpost.ca was hosting an ad from an AOL ad-network [advertising.com]
- The ad redirected through multiple hops
- The landing page served an exploit kit.
- The Exploit kit served a Flash exploit and a VB script
- The script downloaded a Kovter Trojan executable to %temp%
Read more here: http://www.cyphort.com/huffingtonpost-serving-malware/