Evil IFRAMEs

We recently picked up an advertiser who asked if we would host their campaigns using IFRAMEs. All of our other banner advertising on the site is hosted by us; but this new ad would be hosted by THEM. It’s a legit form of serving ads these days, so we didn’t think much of it…

But now it appears their ad network was compromised and serving up malware. Thanks to the efforts of user @eeggee69 we were able to track down the offending code and better yet, trace its path from the IFRAME to a malicious site. The campaign is no longer running. The only solace we have is that sites as large as the New York Times have fallen prey to the same situation..