Malvertising attacks appear to be highly popular among cybercriminals in 2014. After Yahoo and DailyMotion, experts say they’ve spotted a malvertising attack against users in South Africa.
According to Blue Coat, the visitors of the Mail and Guardian news website (mg.co.za) are being served malicious ads that redirect them to a server in the Netherlands. In turn, this server takes victims to various subdomains on gooway.info.
These websites are designed to push fake antiviruses. The malicious programs inform victims of bogus malware infections. In order to remove the threats, users are instructed to activate the application.
Of course, the security apps are bogus. There are no infections and those who pay up are only paying to have the annoying warning removed, not to actually clean their computers.
I’m not sure if this attack is related to the one that targeted Daily Motion users, but they are similar.