When ads go bad: A look into malvertising's malicious growth
Advertisements on the Internet are no longer just a nuisance. They are now also potentially dangerous. Even sticking to widely used and trusted websites can be risky, as the banner ads they contain may be carrying malicious code.
“Malvertising”, a combination of “malware” and “advertising”, is the technique of using trusted ad networks to deliver malware-loaded advertisements to users on trusted websites. This is not a new technique, but over the last couple of years its use has grown exponentially by cybercriminals because it is so effective.
"Malvertising is a big problem and its return on investment for fraudsters suggests it’s not going away anytime soon," says David Kennerley, senior threat research manager at Webroot
“Unfortunately, simply keeping to trusted websites no longer means you’ll stay safe,” says Kennerley. “The outsourced, distributed and chaotic nature of the online advertising industry means that even the world’s most popular websites have no visibility on the ad content displayed on their pages or its original source.”
In recent months, an additional level of complexity has been employed in these types of attacks: “Fingerprinting”, a method of uniquely identifying computers based on meta-data and file dumps. As online advertisers move away from human transactions and toward real-time ad bidding, cybercriminals are finding ways to better target their victims.
Ad networks provide user meta-data to advertisers so that they can better advertise to consumers, but this same data can be used by cybercriminals to identify systems that can be exploited. For instance, if the meta-data reveals that a PC’s Adobe Flash is not up to date and a known exploit exists for their version of Flash, they will identify that PC as a target for attack.
With malvertising gaining popularity among cybercriminals, protecting yourself from this type of attack is critically important.
“Internet users should keep their browsers fully patched, with appropriate in-built phishing and malware protection switched on,” advises Kennerley. “Browser add-ons should be kept up-to-date, with auto-play turned off; or better yet, disable or remove these commonly exploited add-ons completely. Ad-blocking software is becoming a must and of course a strong endpoint protection product is essential.”
Article by Nathan Wyman, a Threat Research Anaylst at Webroot. With a background in building, repairing, and troubleshooting computers for friends and family as a teenager, Nathan has been working with PCs for nearly 20 years. He is an experienced Advanced Malware Removal Engineer, and on a daily basis, he researches and analyses emerging malware trends and works to keep Webroot's threat detections current.