Visitors to the New York Daily News website or Metacafe website recently could have been infected with malware, according to Malwarebytes.
The malware was being delivered via advertising redirected users to the Hanjuan Exploit Kit. Researchers only observed the exploit taking advantage of a recently patched Adobe Flash Player zero-day vulnerability – CVE-2015-0313.
The threat is a an auto download attack that requires no user interaction, meaning no clicking is required to become infected
This a stealth infection on a very public site that users expect to be “safe”. This is an example of why workstations need to be running up to date virus programs and have the latest security updates installed.