New Version of the Kovter Ransomware Delivered Via Exploit Kits

Malicious ads leading to a ransomware infection were served to visitors of a few popular websites, among them the Huffington Post, in the last days of the year.

The malvertising campaign was first spotted by researchers at Cyphort Lab. The first sites hit by the campaign were the Canadian and the US Huffington Post. According to the experts, the ads were served by an AOL advertising network.

Kovter Ransomware Delivered Via Exploit Kits

Victims of the malicious ads were automatically redirected to a web page hosting an exploit kit (either Sweet Orange or Neutrino), which served a new version of the Kovter ransomware.

Kovter ransomware disables the keyboard and the mouse on the compromised machine and demands $300 to unblock them. The infection goes through the victim's browsing history, searching for URLs of pornographic sites, which it includes in the ransom message to make it more believable.

AOL has been informed about the issue, and the malicious ads were removed from its networks.


The Cyphort experts explained that advertising networks sometimes fail to detect malicious ads because the cyber criminals hide their creations quite skilfully, or because they launch the infection a certain amount of time after the ads are enabled.

Hackers use different techniques, for example serving the exploits only to every 20th user who views the corrupted advertisement. They also verify IP addresses and user-agents to avoid malware detection.

Unfortunately, this is not the first case of a Kovter infection being delivered this way. In October last year, experts spotted a malvertising campaign aimed at YouTube users.

To protect your system from the numerous threats spread online, make sure to use reputable AV products and keep them updated.

Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.
