A rogue advertiser managed to subvert the Ta.gify self-serve ad platform to push the Angler exploit kit to unsuspecting visitors of two CBS affiliated TV stations. One in St. Louis called KMOV, and the other WBTV, is located in Charlotte, North Carolina.
This malvertising attack leveraged a familiar technique of hijacking GoDaddy accounts to create various subdomains pointing to malicious servers. These are used to host the ad content (JavaScript, image, etc.) but also to hide malicious code and alternate between clean and infected adverts depending on multiple factors (time of day, user agent, IP blacklist, etc).
Full Article
