All the compromised websites that have PDFs uploaded are calling to command-and-control servers owned by CPABuild, Edwards says. But these stand out, as they all have links back to the advertising firm CPABuild and the members that work for its network, Edwards says.
These kinds of scams have been around for a while, ad fraud researchers say.
