Traffic Distribution Systems, often abbreviated to TDS, are becoming the next big thing in the world of cybercrime operations.
For the uninitiated in the lingo and terms used by security researchers, a TDS is a web application that takes incoming traffic, filters it based on various criteria, and then redirects the user to a "landing page" that can be an exploit kit, tech support scam, or website pushing a fake update.
The incoming traffic is always illicit and usually comes from two main sources: malicious ads (malvertising) that secretly swoop the user off a legitimate site to the TDS, or hacked websites that redirect random users from the legitimate site to the TDS.
TDS systems broke off from exploit kits
A few years ago, traffic distribution systems were nothing more than components of larger hacking utilities called exploit kits.
Older exploit kits such as Angler and Nuclear would usually include a TDS (usually referred to as "gates" or "fingerprinting system") that filtered traffic before users landed on a web page where they were infected with malware via an exploit, hence the name exploit kit.
....
....
....
....