Malvertising continues to pound legitimate websites

In the last three months of 2010 attackers managed to serve 3 million malicious advertising, or malvertising, impressions every day

In the last three months of 2010 attackers managed to serve 3 million malicious advertising, or malvertising, impressions every day. That's the headline figure from a report released today from Web security firm Dasient. According to Dasient, that's a 100 percent increase from the preceding quarter.

Part of the increase may be attributed to Dasient increasing the types of ad networks it tracks. In this report, the firm began tracking so-called remnant advertising networks (networks that sell empty advertising slots at the last opportunity) as part of its study. Because these networks aggregate advertisements and charge a low rate, there is less revenue and possibly less vetting of the safety of advertisements, the report stated.

Also see: 7 reasons websites are no longer safe

"Reputable ad networks also often syndicate or sub-syndicate unsold ad space to remnant ad networks instead of filling them with house ads. With the addition of more remnant ad networks in our telemetry, we believe that we are more accurately reflecting the current state of malvertsing," the report stated.

Last week the real threat of malvertising shook visitors to the London Stock Exchange's Web site. Visitors to the site were hit with ads crafted to display bogus security alerts.

These malicious ads, designed to sell anti-virus software, somehow infiltrated an ad network that is used by the London Stock Exchange. Robert McMillan has more in his report Malware ads hit London Stock Exchange site.

Because of their ease of execution and effectiveness at reaching a broad audience, these attacks aren't expected to stop soon. In fact, according to Elad Sharf, researcher with Websense Security Labs, they're always striving to become even stealthier. With every new cyber attack, criminals custom build malware variants - the malware file goes through extra processing with the aid of tools that are part of the cyber criminal toolkit like packers, obfuscators and encryptors. Because this is custom made and new, the Antivirus detection is very low as would be expected on a new variant, so it can actually run on the user machine if an exploit is successful. Detection rate at the time of the attack is 11 percent according to Virustotal," he said.

What it's like to...

The London Stock Exchange attack also points to another troubling trend in malicious advertising attacks: rather than infiltrate them, criminals are simply buying the ad space needed to propagate their attacks. "We have been following the exploit domains in this malvertising campaign for quite a long time now, and it seems that cyber criminals frequently use fee-based advertising networks to propagate malware - that means cyber criminals are willing to pay in order to propagate malware," Sharf said.

George V. Hulme writes about security and technology from his home in Minneapolis. When he's not clicking on online ads, he can be found on Twitter as @georgevhulme.

Read more about social engineering in CSOonline's Social Engineering section.

Tags firewallsapplicationsmalvertisingDasientapplication securitymalicious websitesdata protectionsocial engineeringmalwarenetwork securitysecurityData Protection | Social EngineeringAccess control and authenticationsoftware

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

George V. Hulme

CSO (US)

1 Comment

Mark

1

Yeah, I've seen a lot of java malware served trough ads on many sites including reputable ones.

Action needs to be taken as soon as possible.

I myself have completely uninstalled java from my system.

Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?