Beware the Blocker-Busting Malvertising Campaign

Malvertising blocks

Dormant malicious campaigns resurface but are blocked by Media Filter. In-the-wild scanning reveals these campaigns got past other blockers.

Between Dec. 13-16, our Media Filter—also known as a bad-ad-creative blocker—experienced an impressive spike from an old favorite. The spike was attributed to the domains easyemailsuite[.]com and mediaplayer10[.]com, both of which we classify as Critical threats. Both of these are known for pushing adware that when installed delivers users superfluous lower-quality ads that are more likely to be malicious. 

Kinda makes you wanna ride a rollercoaster, right?
Kinda makes you wanna ride a rollercoaster, right?

 

Our Digital Security and Operations team first detected MediaPlayer10 in 2015, which is a few millennia in malware years. After a long disappearance, the domain made multiple attempts at a major comeback throughout 2020, and the latest outbreak slapped our Media Filter blocker into high gear in mid-December. We didn’t just see MediaPlayer10 attempting to make a stink on sites using Media Filter—our scanning caught the domain sneaking past blocking tools with outdated block lists on several publishers. 

Perhaps the scammers were seeking online holiday shoppers? “Give your browser the gift of adware this year! It will never forget—because it’s next to impossible to get rid of!”

But MediaPlayer9 and original easyemailsuite are so good! Why would I update?  
But MediaPlayer9 and original easyemailsuite are so good! Why would I update?


The re-emergence of this bad boy highlights the importance of keeping up a quality blocklist, preferably original-sourced and continuously updated. Publishers and ad tech need to optimize their creative blocklists to minimize latency—that means you can’t have the countless thousands of domains of yore, the annals of malvertising, sitting in your blocklist. It’s not supposed to be an encyclopedia!

And that’s what The Media Trust is here for, anyway—we’ve got a long memory, been at this since 2006. So when we noticed MediaPlayer10 and easyemailsuite lurking about the ecosystem earlier this year, looking prime for a comeback, we added the domain. We (and our clients) were completely prepared for the blitz.

If you’re employing a static blocklist or one powered by a third-party list, you could miss malvertising like this. Your blocklist needs to be informed by a source keeping up with the most recent malware criteria and trends—which includes flashbacks like MediaPlayer10 and easyemailsuite. 

You can’t always just focus on the new hot malvertising—you’ve also gotta be prepared for a blast from the past.