Malvertising: Malware Infected Online Ads
Cybercriminals are always on the lookout for ways of infecting your computer with malware. It is their job, and they do it well. So well, in fact, that cybercrime has hit staggering figures, with PWC reporting in their Global State of Information Survey 2015 that there were 42.8 million security incidents in 2014, an increase of 48% over the 2013 figures.
Online advertising is now big business. Most large brands use it, and market analysts eMarketer reported the global market for online paid media was around $545 billion in 2014 and growing.
On the back of the success and ubiquitous use of online ad marketing is the latest trend in cybercrime, which uses these online ads to spread malware. This new entrant to the cybercrime arsenal is called malvertising.
The success of malvertising was demonstrated at the recent Black Hat USA Conference by RiskIQ, who have seen a 260% increase in malvertising use in the first two quarters of 2015. Such a successful cybercrime vector is here to stay, for the foreseeable future at least.
What is Malvertising and How Does it Work?
To become infected by malware via an online ad, you just need to visit a site that has an infected ad running. Some malverts don’t even need you to click on them to infect you: the malicious code is executed silently in the background when the ad runs.
Malverts infect you either directly, or by taking you to a spoof site when clicked. Either way, you end up with the same problem: a malware-infected computer. One of the key things about malverts is that they can go from being benign to harmful in seconds, and it can become next to impossible to trace the source of the malware. In addition, ads are often served up through complex third-party ad networks. If these networks become infected, they can potentially serve up malicious ads across multiple legitimate sites. Even reputable ad networks cannot totally eradicate malware-infected ads. They do check the ads for things such as banned words, prohibited products and so on, but unless they fully scrutinize the underlying code, malware can slip through the net.
Examples of Malvertising
There are a number of very large ad networks that have been affected by malvertising. One of these is Yahoo’s ad network. The Yahoo ad network is massive. They have around 6.9 billion visits per month, so it is a mouth-watering opportunity for cybercriminals. Yahoo’s network was hijacked in late July 2015. The cybercriminals used a software vulnerability in Adobe Flash to install the malware. Some of the malware they implemented was the dreaded ransomware, which extorts money from anyone unfortunate enough to get infected by it. As soon as Yahoo was informed of the malware intrusion, the ads were pulled. However, this would not help those already infected (possibly over 2 million of Yahoo’s users). The scary part about the Yahoo! malvertising is that you didn't even have to click on or do anything interactively to get infected. The combination of inadvertently visiting an infected page and not having the latest patches installed for Flash would get you infected.
Google has also had its fair share of malvertising attacks on its ad network. Google announced last year that they’d removed 350 million ‘bad ads’ from their network. Google’s DoubleClick network, which has a massive distributed reach serving ads to millions of websites, suffered a malware attack in late 2014 which targeted users through a seamless (no user interaction) redirection to an exploit kit called ‘Angler’, which then infected their machines with either ad fraud or ransomware – most impacted users lived in the USA.
How to Protect Yourself from a Malicious Ad
It may seem alarming that something as insidious as an ad displayed on a website can infect you with no user intervention. There are, however, measures you can take to prevent becoming infected, even if you do stumble across an infected ad. Here are some general ways of protecting you, your data and your finances:
The purple alert boxes in the bottom right are the Ghostery findings. Some sites will have over 100 trackers and ads running! Most of the blockers also block behavioral tracking.
Understanding and doing something about cybersecurity risks is the key to protecting your business and your own personally identifiable information.
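How a blocker of the kind mentioned above decides which of a page's requests to stop, so that a listed ad's code is never fetched and cannot run silently. This is an added example, not code from the original article or from Ghostery; the blocklist domains, sample requests and function names are constructed, and the two-label site comparison is a simplification.

```javascript
// Constructed blocklist: placeholder domains, not a real filter list.
const BLOCKLIST = ["ads.example", "tracker.example"];

// Naive site key: the last two host labels. Real blockers use the Public
// Suffix List, so this is wrong for suffixes such as co.uk (assumption).
function siteOf(host) {
  return host.toLowerCase().split(".").slice(-2).join(".");
}

// True when host equals a listed domain or is a subdomain of it.
// The leading-dot test stops "notads.example" matching "ads.example".
function isListed(host, blocklist) {
  const h = host.toLowerCase();
  return blocklist.some((d) => h === d || h.endsWith("." + d));
}

// Decide, per request, whether the blocker would let it load.
function auditRequests(pageUrl, requestUrls, blocklist = BLOCKLIST) {
  const pageSite = siteOf(new URL(pageUrl).hostname);
  const result = { allowed: [], blocked: [], skipped: [] };
  for (const raw of requestUrls) {
    let url;
    try {
      url = new URL(raw, pageUrl); // resolves relative URLs against the page
    } catch {
      result.skipped.push(raw); // unparseable: nothing to classify
      continue;
    }
    if (!/^https?:$/.test(url.protocol)) { // data:, blob: etc. have no host
      result.skipped.push(raw);
      continue;
    }
    const thirdParty = siteOf(url.hostname) !== pageSite;
    const block = thirdParty && isListed(url.hostname, blocklist);
    (block ? result.blocked : result.allowed).push(url.hostname);
  }
  return result;
}

// Constructed sample: requests that one page load might trigger.
const SAMPLE_REQUESTS = [
  "/static/site.css",
  "https://cdn.ads.example/banner.js",
  "https://px.tracker.example/pixel.gif",
  "https://notads.example/widget.js",
  "data:text/plain,hello",
];
const report = auditRequests("https://www.news.example/story", SAMPLE_REQUESTS);
console.log(`${report.blocked.length} blocked:`, report.blocked);
```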