Compromised Ad Networks Spreading Malware

Blue Coat labs is alerting users that its WebPulse™ network has detected that several major ad-serving networks appear to have been tricked into including ads from a malicious or compromised "partner" site, daniton.com, that is including malicious JavaScript along with some of its banner ads. The JavaScript decrypts itself to inject a hidden iFrame into the host page, which quietly downloads exploit code in the background, including malicious PDF files that exploit vulnerabilities in unpatched versions of Adobe Acrobat Reader. Blue Coat WebFilter customers are protected from this attack, as WebFilter is blocking the malicious ad server, and the exploit servers referenced by the injected iFrames.