Malvertising is when hackers purchase ad space on a legitimate website, and as the name suggests, they setup malicious ads designed for the sole purpose of hacking computers of people who click on their ads.
The news page of The Daily Mail seemed perfectly innocent. Apart from the countless stories of celebrity gossip and inelegant design magazine, nothing about the news website of the United Kingdom it seemed particularly malicious. But, if you visited the site in October you may have been the victim of sophisticated hacking campaign without even realizing it.
At bottom, what really happened here is that the readers of the Daily Mail, clicking on ads from third parties, were redirected without them realizing and automatically powerful “Exploit Kits” designed to install malware on their equipment. Sometimes these fraudulent sites are activated as pop-ups in the background, without the user’s knowledge and often without the need for clicking on these ads.
This is the flourishing trade of malicious advertising: where cyber-criminals take on ads in popular Internet websites, in order to infect computers as many people as possible.
Lot of popular sites have already been the target of Malvertising
The Malvertising goes back at least to 2009, when some visitors to the New York Times, clicked on an advertisement intended as an antivirus scanner to the computer. The attack on the Daily Mail was only one of many recent examples of what can happen to the sites you commonly visit people on the Internet.
So many popular websites faced same problem and a month before, the Huffington Post, a site with 100 million unique monthly visitors, was become a true servant of malware. In fact, it was not the first time something like this happening to The Huffington Post, and that something similar would have happened in December 2014 and lasted until January 2015, a period of time that infected thousands computers. Other major websites that were affected by this year were, Yahoo! and Forbes, the last in September of this year.
If that sounds like a lot, it’s because it is: Researchers Cyphort software security company reported an increase of 325 percent of malicious advertising, attacks occurred between June 2014 and February 2015. What is clearly increased more alarming.
How The Malvertising Work
Although each attack may vary, malicious advertising follows a fairly standard process. First, an attacker is recorded in an ad network. These are the companies that manage the ads on sites you visit and use, and selling advertising space to companies that want to showcase their products.
They act as intermediaries between the web site you want to sell your ad space, and the company or person you want to hire. Then each time a person clicks on the ad, the intermediary servers to the potential consumer forwarded to the site of the company that hired the advertising service. So far that has absolutely nothing wrong.
When you visit the site, the type of advertising that show you usually determined when you enter the site, this is done through a process called Real Time Bidding (RTB) ad buyers pay for a specified number of impressions Ad beforehand, and a demographic of users. Then, when someone visits the site, the one with the highest bid for that particular demographic group of users, gets its announcement that s faithful to present to the user, that is, who pays more for a certain demographic is which you can show your ads to visitors at any given time of day.
But if it is a case of malicious advertising, once the page is loaded, the ad appears and the code redirects the user to a web page where a kit exploit without even clicking on the ad stays. It is likely to happen in the background, through an iFrame-unseen piece of web content to the human eye, without any interaction from you. In fact, it could not be tale of what is happening.
“The work of the landing page is essentially to determine whether there are any vulnerable plug into the computer,” Segura said. I could see what browser you are using, and then seek some kind of vulnerable software you are using.
Finally, the page will download the exploit to your computer. The Malvertising sometimes offer what is known as ransomware, which is the clever hack that blocks files from a computer until the victim pays a fine, while other forms of advertising send malicious banking Trojans to steal financial information.
It is important to note that not everyone who visits an infected by this type of advertising will be hacked. In fact, some ads will only focus on people who meet certain demographic requirements. Also, if you have taken adequate protections, the team might not even be vulnerable to this attack in particular.
Also many malicious advertising campaigns used the exploit kit Angler, which can have a success rate of up to 40 percent worldwide, according to a recent report from Cisco. Besides this, a number of recent attacks have used zero-day exploits, which means that even if you have fully updated their software could compromise their security, but these types of attacks are rare.
More recently, hackers have been using the encrypted HTTPS addresses, making it more difficult to find them.
How Can We Defy Malvertising ?
It all depends on users, developers own sites and ad networks to mitigate the problem of malicious advertising.
Hélène Barrot, a representative of Google, said in an email that DoubleClick advertising platform company (which has been unwittingly a part of malicious advertising campaigns), which has adopted a number of different approaches. Collaborates with industry partners, publishes research on malicious advertising, and uses the malware detection tools. “In 2014, we disable more than 524 million malicious ads and forbid evil more than 214,000 advertisers,” Barrot said.
Segura does not believe that a better malware scanning is helpful, though: There are too many things to consider. Instead, the entry barrier should be raised for those who want to hire ad networks, creating a larger cybercriminals for financial risk.
For now, the malicious advertising is incredibly cheap for cybercriminals. For some ad networks, hackers are “able to put malicious ads in front of thousands of people for only 30 cents. You can not get any cheaper than that, “Segura said.
Segura suggests that if publishers do not want to risk subjecting readers to malicious advertising, maybe they could consider other ways to support themselves, as the native advertising or sponsored content. But that’s not reasonable for most website publishers option, since many depend on the advertising industry to keep the lights on.What you can do to protect yourself is to keep the software fully updated, using anti-virus software.