Malware sneaks into online ads: researchers

August 5, 2014

Hackers are increasingly slipping malicious software into online advertising, creating risks for the Internet economic model, security researchers said Tuesday.

A report presented at the Black Hat security conference said "malvertising" has become increasingly prevalent and difficult for users to detect.

"Malvertising victims are infected with malware in the course of their normal Internet browsing and therefore have no idea where or how they were infected," said the report presented by Cisco .

"Tracing the source is next to impossible, because the ad that delivered the malware has long since disappeared."

The Cisco researchers say the problem is especially thorny because almost any website can be infected with a "drive-by" ad and may not be detected either by the website operator or ad network.

"A malvertiser who wants to target a specific population at a certain time—for example, soccer fans in Germany watching a World Cup match—can turn to a legitimate ad exchange to meet their objective," the report said.

"Just like legitimate advertisers, they contact companies that are gatekeepers for the ad exchanges. They will pay up front for the , perhaps $2,000 or more per ad run, and instruct the companies to tell the ad exchanges to serve the ads as quickly as possible, leaving little or no time for the ad content to be inspected."

Cisco said malvertising appeared to be used to distribute viruses which lock up a user's computer until he or she agrees to pay a fee—a system known as "ransomware."

The report said malvertising is a potentially huge problem because it could disrupt the massive market for online advertising.

"Internet advertising, annoying as it can be for users, is important because it allows people to freely consume the vast majority of the Web," the report said.

"If that model were to change or people were to stop trusting Internet advertising altogether, the repercussions for the Internet would be monumental."

The warning came in Cisco's mid-year security report presented at the Las Vegas conference. The document also pointed to numerous vulnerabilities in corporate networks that may be exploited, including outdated software, bad code and abandoned digital properties.

Explore further: US online advertising soars in first quarter: report

Related Stories

US Internet ad revenue grows 15 percent in 2012

April 16, 2013

U.S. Internet advertising revenue grew 15 percent to a record $36.6 billion in 2012, with mobile ad revenue growing faster than other types, according to a new report Tuesday.

US Internet ad revenue surpasses broadcast

April 10, 2014

For the first time, U.S. Internet advertising revenue has surpassed that of broadcast television thanks to sharp growth in mobile and digital video ads.

US Senate says firms must protect against malicious ads

May 15, 2014

The U.S. Senate warned Google, Yahoo and other leading technology companies Thursday they need to better protect consumers from hackers exploiting their lucrative online advertising networks or risk new legislation that would ...

Recommended for you

The ethics of robot love

November 25, 2015

There was to have been a conference in Malaysia last week called Love and Sex with Robots but it was cancelled. Malaysian police branded it "illegal" and "ridiculous". "There is nothing scientific about sex with robots," ...


Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.