Glenn Beck's TheBlaze.com infects site visitors

Media

The radio host's online publication is the latest mainstream website to inadvertently run a malicious advertisement that compromised the computers of readers.

So-called malvertising often targets high-traffic websites to infect as many machines as possible and pull them into a “botnet.”

TheBlaze is the #2-ranked political site, just behind The Huffington Post, with more than 25 million visitors monthly.

This “infection does not look to steal banking credentials, credit cards, or exfiltrate data,” Invincea reports. “The botnet’s goal is to create an ad banner clicking machine, designed to channel advertising dollars directly to the malware author via ad fraud, a burgeoning industry taking advantage of malicious software and malvertising to drive revenue via advertising.”

A botnet is a network of infected computers that is controlled as a group without its owners knowing.

On July 1, an advertiser purposely redirected TheBlaze visitors to a Polish recipe website that dished out a “drive-by exploit” that compromises a user’s machine. 

A customer of Invincea, which sells security software, visited TheBlaze and the malvertisement exploited the customer’s Internet Explorer 11 browser to drop malware previously unknown to anti-virus vendors. Invincea’s software safely isolated the malware, in this case.

“TheBlaze.com itself was not compromised, rather it fell victim to malicious advertising as many legitimate sites do,” the company stressed.