In the past, we have seen a massive amount of vBulletin websites compromised through the VBSeo Vulnerability. Attackers have been infecting vBulletin websites since 2012 with this malware, and more recently with a new variation of the same infection. Ever since this new development, the table datastore in vBulletin has been a prime candidate for attackers to store malicious code where malware can be easily loaded on every visit.
Recently, we came across a malware campaign of vBulletin websites showing malicious ads from popads[.]net for no apparent reason.