Major Uptick in Exploit Activity: Here's What We Know So Far

Bad ads are popping up everywhere.

Bad ads are popping up everywhere.

If you feel like you’ve seen a lot of sketchy looking offers taking over your browsing windows lately - you’re not alone.

Over the last two weeks, DEVCON’s web security platform as observed and blocked a surge in exploits across the web. The increase in volume isn’t slowing down - but here’s a by-the-numbers breakdown of the attacks so far:

Exploit Activity Up by 428%

The increased activity started on Thursday, 3/28 and peaked (so far) on Friday, 3/29. Daily volume on that Friday was 428% higher than we would expect given recent benchmarks.


6 Exploits are Doing a Lot of Work

While a variety of exploits have been detected during this period, 45% of the volume is concentrated in just 6 exploits.


Two of these are versions of the browser hijacker DEVCON researchers have named “Party Cry,” and two are tracking pixels from server farms located in Russia and Nigeria.

70% (or More) of Users are At Risk

On average - that is, when attack volume is not exceptionally high - 70% of a site’s users are exposed to an at-risk ad every month. There’s no evidence that these aggressive exploits are targeting unique users, so the increase in overall volume may not have a proportional lift in the percentage of users exposed. But as bad ads increase, so do the chances that a user will associate those bad ads with the sites they visit. Those users may choose to click elsewhere or even install ad blockers to counteract the problem.

It’s a good idea for web users and site publishers to circle the wagons.


Users should be extra vigilant about when and where they click. Criminals use these fake offers to generate revenue and collect data about everyday folks. If you see an offer you’d actually like, verify it by doing your own searching before providing any information to a service you’ve seen through an ad. Ignore limited time warnings and other language to create urgency - these are usually signs of something sketchy.

If you’re a site publisher, you should be aware that your inventory is especially at risk. DEVCON customers can log in and see what’s happening on their site in the Alerts Manager dashboard. If you’re not a DEVCON customer and you’d like to start monitoring for this activity on your site, contact us to get started.

Andy Kahlmalvertising