Malicious advertising offers broad reach and quick rewards for malware perpetrators

  • 12 March 2014
  • 0 replies
  • 2 views

Userlevel 7
Badge +54
Dynamic, expanding advertising scene opening juicy targets for Internet bandits
A burgeoning and dynamic online advertising market is creating an abundance of opportunity for cyber criminals.

It's doing that by giving online bandits a vehicle for infecting millions of users through some of the biggest names on the Internet with malicious advertising. The ads are fed into web pages of legitimate sites without the site operator's knowledge and can infect visitors to those pages unbeknown to them, too.

Malicious advertising has been around for years. In 2009, for example, New York Times web pages were discovered serving up ads that fostered a bogus anti-virus scam popular at the time. Now though, the malaise is more subtle and much more vicious. Earlier this year, both Yahoo and YouTube were victims of malvertising schemes designed to silently plant pernicious programs on the machines of visitors to those websites.

In addition to growing more virulent over the years, the malpractice has also grown in size. At the end of 2010, Dasient, a web security company since acquired by Twitter, estimated three million malicious advertising impressions were being posted to the Internet daily. Two years later, the Online Trust Alliance estimated that in 2012 alone, 10 billion malicious impressions were posted to the Net, and that one in every three ad networks was serving up malicious ads.

And the problem continues to worsen. "Last year [2013], I'm sure I wrote more blog posts on malvertising-based attacks than I had in all the previous years combined," said Chris Larsen, a senior malware researcher at Blue Coat, a web filter appliance company.
Added Oscar Marquez, chief product officer for Total Defense, a cloud security network provider: "We have started to see it more and more, and we're seeing it more vigorously, as well."

"In the past, we saw attackers dipping their toe trying to test it," he continued. "Now we're really seeing them using it as an attack platform."

That attractiveness as an attack platform has ripened with the growth and evolution of advertising on the Net. "There's not a ton of regulation covering advertising, and it's a very fast moving industry and the gaps that fast moving industries leave are opportunities for bad guys," explained Lookout Principal Security Researcher Marc Rogers.
 
Full Article

0 replies

Be the first to reply!

Reply