Malware sneaks into online ads: researchers

Aug 05, 2014

Hackers are increasingly slipping malicious software into online advertising, creating risks for the Internet economic model, security researchers said Tuesday.

A report presented at the Black Hat security conference said "malvertising" has become increasingly prevalent and difficult for users to detect.

"Malvertising victims are infected with malware in the course of their normal Internet browsing and therefore have no idea where or how they were infected," said the report presented by Cisco .

"Tracing the source is next to impossible, because the ad that delivered the malware has long since disappeared."

The Cisco researchers say the problem is especially thorny because almost any website can be infected with a "drive-by" ad and may not be detected either by the website operator or ad network.

"A malvertiser who wants to target a specific population at a certain time—for example, soccer fans in Germany watching a World Cup match—can turn to a legitimate ad exchange to meet their objective," the report said.

"Just like legitimate advertisers, they contact companies that are gatekeepers for the ad exchanges. They will pay up front for the , perhaps $2,000 or more per ad run, and instruct the companies to tell the ad exchanges to serve the ads as quickly as possible, leaving little or no time for the ad content to be inspected."

Cisco said malvertising appeared to be used to distribute viruses which lock up a user's computer until he or she agrees to pay a fee—a system known as "ransomware."

The report said malvertising is a potentially huge problem because it could disrupt the massive market for online advertising.

"Internet advertising, annoying as it can be for users, is important because it allows people to freely consume the vast majority of the Web," the report said.

"If that model were to change or people were to stop trusting Internet advertising altogether, the repercussions for the Internet would be monumental."

The warning came in Cisco's mid-year security report presented at the Las Vegas conference. The document also pointed to numerous vulnerabilities in corporate networks that may be exploited, including outdated software, bad code and abandoned digital properties.

Explore further: US Senate says firms must protect against malicious ads

add to favorites email to friend print save as pdf

Related Stories

US Senate says firms must protect against malicious ads

May 15, 2014

The U.S. Senate warned Google, Yahoo and other leading technology companies Thursday they need to better protect consumers from hackers exploiting their lucrative online advertising networks or risk new legislation that would ...

US Internet ad revenue surpasses broadcast

Apr 10, 2014

For the first time, U.S. Internet advertising revenue has surpassed that of broadcast television thanks to sharp growth in mobile and digital video ads.

US Internet ad revenue grows 15 percent in 2012

Apr 16, 2013

U.S. Internet advertising revenue grew 15 percent to a record $36.6 billion in 2012, with mobile ad revenue growing faster than other types, according to a new report Tuesday.

Recommended for you

User comments : 0