Malware distributors somehow managed to deceive two large ad networks into sending malvertizements that stealthy infected the visitors of large websites with scareware applications.
These attacks began on December 3 and were spotted by a cloud-based malware scanning service called HackAlert and operated by Santa Clara-based security vendor Armorize Technologies. HackAlert is used by VeriSign Trust Services, now a division of Symantec, for its daily VeriSign Trust Seal malware scans. So when several high profile websites started being tagged as infected, Armorize was asked to check its platform for possible bugs. Armorize began to investigate the matter and revealed that sites like realestate.msn.com, msnbc.com, scout.com or mail.live.com, were indeed unwittingly infecting their visitors with the scareware applications.
Cyber criminals obtained and registered a domain called adshufffle.com , note the miss-spelling, and posed as the legitimate advertising company named AdShuffle.They managed to get their domain accepted on both the Google-owned DoubleClick network and rad.msn.com, the server used by Microsoft to sent ad's for various sites, including Hotmail and MSN.
The malicious ads served from this domain were not the normal scareware advertisements that falsely claim visitors are infected and offer them a program to fix it. These malvertizements loaded the Eleonore drive-by download toolkit in the background. This toolkit quietly exploits holes in outdated versions of popular applications like Java, Adobe Reader, Internet Explorer and even Windows.
For more information read the article at the Armorize Blog, here:
Most of the sites involved detected the malicious advertisements quickly and filtered them. So the chances of you being infected are slim. If you believe you may have visit one of these infected pages or ads, I suggest you run a full virus scan of your computer immediately. More info on doing that, if you are unsure of how to proceed or don't have AV software, can be found at the below page.