Cybersecurity firm Fox IT has observed a virulent malvertising campaign stemming from Google ad reseller Engagelab.com and all advertisement services resold through its site.
The compromised website is redirecting all traffic to an outside domain that ultimately redirects to a Nuclear Exploit Kit targeting vulnerabilities in Adobe Flash, Oracle Java and Microsoft Silverlight software.
The security firm observed the first redirect on Tuesday and subsequently detected a significant amount of infections and infection attempts from the exploit kit.
Fox IT suspects the malvertising campaign to be "of a very large scale." However, the firm has yet to identify the exact malware variant at use in the attacks.
From the Fox IT live blog:
The domains for the exploit kit itself aren't directly used for redirection; a secondary site is used as an intermediate. The domains and IP's used for the exploit kit are constantly changing, to mitigate the threat for now we suggest blocking the website between the legitimate websites and the exploit kit.
Fox IT also recommends using an ad blocker, in addition to updating Java, Silverlight and Flash to the latest versions.
The firm says Google has been notified of the issue.