The malicious network, uncovered by Cisco Researchers comprise of over 700 domains. They observed nearly 10,000 connections to the malicious domains.
The operation has been dubbed "Kyle and Stan" because most of the domains used in this campaign for distributing malicious software contain "kyle" and "stan" strings in the sub-domain name.
The users website who visit the websites containing malicious ad will be redirected to another website. Users will then be redirected to another page that will serve mac or windows malware based on their user agent.
"The attackers are purely relying on social engineering techniques, in order to get the user to install the software package. No drive-by exploits are being used thus far" Armin Pelkmann, Cisco researcher, wrote in a blog post.