Malvertising continues to pound legitimate websites

In the last three months of 2010 attackers managed to serve 3 million malicious advertising, or malvertising, impressions every day

In the last three months of 2010 attackers managed to serve 3 million malicious advertising, or malvertising, impressions every day. That's the headline figure from a report released today from Web security firm Dasient. According to Dasient, that's a 100 percent increase from the preceding quarter.

Part of the increase may be attributed to Dasient increasing the types of ad networks it tracks. In this report, the firm began tracking so-called remnant advertising networks (networks that sell empty advertising slots at the last opportunity) as part of its study. Because these networks aggregate advertisements and charge a low rate, there is less revenue and possibly less vetting of the safety of advertisements, the report stated.

Also see: 7 reasons websites are no longer safe

"Reputable ad networks also often syndicate or sub-syndicate unsold ad space to remnant ad networks instead of filling them with house ads. With the addition of more remnant ad networks in our telemetry, we believe that we are more accurately reflecting the current state of malvertsing," the report stated.

Last week the real threat of malvertising shook visitors to the London Stock Exchange's Web site. Visitors to the site were hit with ads crafted to display bogus security alerts.

These malicious ads, designed to sell anti-virus software, somehow infiltrated an ad network that is used by the London Stock Exchange. Robert McMillan has more in his report Malware ads hit London Stock Exchange site.

Because of their ease of execution and effectiveness at reaching a broad audience, these attacks aren't expected to stop soon. In fact, according to Elad Sharf, researcher with Websense Security Labs, they're always striving to become even stealthier. With every new cyber attack, criminals custom build malware variants - the malware file goes through extra processing with the aid of tools that are part of the cyber criminal toolkit like packers, obfuscators and encryptors. Because this is custom made and new, the Antivirus detection is very low as would be expected on a new variant, so it can actually run on the user machine if an exploit is successful. Detection rate at the time of the attack is 11 percent according to Virustotal," he said.

What it's like to...

The London Stock Exchange attack also points to another troubling trend in malicious advertising attacks: rather than infiltrate them, criminals are simply buying the ad space needed to propagate their attacks. "We have been following the exploit domains in this malvertising campaign for quite a long time now, and it seems that cyber criminals frequently use fee-based advertising networks to propagate malware - that means cyber criminals are willing to pay in order to propagate malware," Sharf said.

George V. Hulme writes about security and technology from his home in Minneapolis. When he's not clicking on online ads, he can be found on Twitter as @georgevhulme.

Read more about social engineering in CSOonline's Social Engineering section.

Join the newsletter!

Or
Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags securitymalwaresocial engineeringsoftwaredata protectionnetwork securityapplicationsfirewallsapplication securityAccess control and authenticationData Protection | Social EngineeringmalvertisingDasientmalicious websites

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

George V. Hulme

CSO (US)
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?