We estimate that traffic via RoughTed-related domains amounted to over half a billion hits and was responsible for many successful compromises, due to effective techniques that triage visitors and bypass ad-blockers.
RoughTed is a large malvertising operation that peaked in March 2017 but has been going on for well over a year. It is unique for its considerable scope, ranging from scams to exploit kits, and it targets a wide array of users based on their operating system, browser, and geolocation to deliver the appropriate payload. The actual malvertising instances happened further downstream, where threat actors abused various ad agencies.
Given the recent renewed attention to ‘RoughTed’ and Kafeine’s tweet, we wanted to clarify that RoughTed and associated domains are in fact part of AdMaven’s normal operations.