Sucuri reports malicious javascripting on finnish economy newspaper kauppalehti.fi which me myself visited on mobile earlier today. Other online scanners show site being clean.
This is not a signature-based rule, but looks for anomaly behaviours that indicate the presence of malware. In this case, our engine found it to be malicious (related to drive-by downloads).
From what I got from Googling it seems to be some sort of Adware. Quite concerning if you think that kauppalehti.fi seems to be one of the biggest and regularly used webnewspapers in finland :-\
It is not only a problem for big finnish newspapers, the malcode was also found with big Dutch newspaper ads, and maybe other sites that were vulnerable to the malvertising campaign. :-[
As they do not always control the lines that deliver such ads, your best bet almost always is to use a good and reliable adblocker,
like I use uBlock Origin.
Furthermore such infestations do not last long, often a couple of hours, and the finnish online newspaper has tackled that problem with kicking up a 301, but initially your only form of protection was a combination of av-script-detection or an adblocker to block that malcoded redirecting link. Redleg’s file-analyzer found and alerted for it right away.
At first I had a bit trouble getting weither the issue was that simply the website seems to have risk with malicious ands being distributed through it’s regular advertisement channels or something malicious put into the website’s core code, since I sometimes have problem of not completely understanding all technicalities people talk about when dealing with these kind of things without more specific details :-[
But apparently the core issue here is (unfortunately) quite regular issue with malicious ads being served within newspapers’ other advertisements avoidable with stuff like Adblock Plus.
