The practice of slipping malware into computers by redirecting users from legitimate websites via contaminated online ads is growing in number and sophistication.

Aldrin Brown, Editor-in-Chief

May 13, 2016

3 Min Read
Malvertising Attacks on Record Pace
Malvertising is on a record pace so far in 2016.

The number of “malvertising” attacks detected on top websites worldwide is on pace to hit a record this year, more than doubling the tally from just two years ago, according to research from cybersecurity vendor Cyphort Labs.

Malvertising is a type of malware that is launched through ads that are secretly placed on legitimate websites and redirect web browsers to hacker-controlled sites containing infected ads.

Cyphort Labs, which uses a crawler that works around the clock to search top sites for malicious code served though drive-by exploits, said the number of malvertising attacks is on track to hit 2,102, up from 1,654 last year.

If the pace holds, this year’s figure represents an increase of nearly 131 percent from the 910 detected in 2014.

“Malvertising is effective because users tend to trust mainstream, high-trafficked “clean” websites,” Nick Bilogorskiy wrote in a blog post for Cyphort Labs this week. “The attackers abuse this trust to infect them via third-party ad content.”

Once infected, victim devices and networks experience the same symptoms as other malware attacks: Viruses, locked files, compromised data and hijackings that allow machines to be used for other criminal acts.

Malvertising campaigns – first discovered in 2007 – are delivered by deceptive advertisers or agencies that slip malicious ads through ad networks, ad exchanges and ad servers.

Web publishers unknowingly use the corrupted ad on their page, which then automatically redirects visitors to the malware.

“This is done through an imitated Flash file download,” according to a Cyphort Labs special report, published last year. “This form of malware delivery is popular with attackers because infecting an ad is easier and requires less effort than finding a vulnerability in the site software.”

Attackers use a variety of strategies to avoid detection by the ad networks or host websites.

Sometimes, attackers delay launching of the malicious payload for some period of time after the ad is approved.

In other cases, attackers elect to only serve the exploits to selected users, like every 10th or every 20th visitor who views the ads.

Other tactics include inserting SSL redirectors in the malvertising chain, and veifying user agents and IP addresses.

Malvertising often uses the large, layered setup of real-time bidding platforms to conceal the attacks.

Online advertising networks receive millions of ads and any one could be malvertising. Ad networks have a broad reach and an infiltration can infect many people very quickly.

Users who land on a page with malvertising can trigger the infection without clicking anywhere.

One of the biggest malvertising campaigns occurred in 2009, when the New York Times was targeted during the Sept. 11 weekend. Visitors to the newspaper website saw messages informing them that their systems were infected and instructed them to install software that turned out to be malware.

In recent weeks, massive malvertising attacks have targeted the sites of entertainment blogger Perez Hilton, and AOL’s Huffington Post.

Cyphort experts say combatting malvertising requires vigilance by website owners, ad networks and web users, and suggest the following measures:

Ad networks should use continuous monitoring that automatically checks for malicious ads.

Scans should occur early and often, accounting for changes throughout the advertising chain, not just at the ad creative stage.

Ad networks should leverage the latest security intelligence to power monitoring systems and stay abreast of current global threats.

Web users should ensure computer systems are properly patched to minimize the risk from known vulnerabilities.

 

Send tips and news to [email protected].

Read more about:

MSPsMSP 501

About the Author(s)

Aldrin Brown

Editor-in-Chief, Penton

Veteran journalist Aldrin Brown comes to Penton Technology from Empire Digital Strategies, a business-to-business consulting firm that he founded that provides e-commerce, content and social media solutions to businesses, nonprofits and other organizations seeking to create or grow their digital presence.

Previously, Brown served as the Desert Bureau Chief for City News Service in Southern California and Regional Editor for Patch, AOL's network of local news sites. At Patch, he managed a staff of journalists and more than 30 hyper-local and business news and information websites throughout California. In addition to his work in technology and business, Brown was the city editor for The Sun, a daily newspaper based in San Bernardino, CA; the college sports editor at The Tennessean, Nashville, TN; and an investigative reporter at the Orange County Register, Santa Ana, CA.

 

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like