## Wall Street Journal Misses Malvertising Story – Congressional Phishing Tip

From the post:

Researchers from cybersecurity firm Proofpoint have recently discovered a large-scale malvertising campaign that exposed millions of Internet users in the United States, Canada, the UK, and Australia to malware infections.

Active for more than a year and still ongoing, the malware campaign is being conducted by a hacking group called KovCoreG, which is well known for distributing Kovter ad fraud malware that was used in 2015 malicious ad campaigns, and most recently earlier in 2017.

The KovCoreG hacking group initially took advantage of POrnHub—one of the world’s most visited adult websites—to distribute fake browser updates that worked on all three major Windows web browsers, including Chrome, Firefox, and Microsoft Edge/Internet Explorer.

According to the Proofpoint researchers, the infections in this campaign first appeared on POrnHub web pages via a legitimate advertising network called Traffic Junky, which tricked users into installing the Kovtar malware onto their systems.

When you spend your time spreading government directed character assassination rumors about Kerpersky Lab, you miss opportunities to warn your readers about malvertising infections from PornHub.

Just today, the Wall Street Journal WSJ left its readers in the dark about Kovter ad fraud malware from PornHub.

You can verify that claim by using site:wsj.com plus KovCoreG, Kovter, and PornHub to search wsj.com. As of 15:00 on October 9, 2017, I got zero “hits.”

The WSJ isn’t a computer security publication but an infection from one of the most popular websites in the world, especially one of interest to likely WSJ subscribers, Harvey Weinstein, Donald Trump, for example, should be front page, above the fold.

Yes?

PS: Congressional Phishing Tip: For phishing congressional staffers, members of congress, their allies and followers, take a hint from the line: “…POrnHub—one of the world’s most visited adult websites….” Does that suggest subject matter for phishing that has proven to be effective?