Malvertising Up 300% In 2014, Spreading Cross-Channel Through Search Ads, Display, Video

Estimates suggest that advertising fraud will cost companies worldwide around $6.3 billion dollars in 2015, according to the Association of National Advertisers. Much like advertisers, site publishers can be blamed for malvertising attacks. If a user is infected, chances are that he or she will have second thoughts about returning to the brand's or publisher's site. Consumers become victims because the malware takes up residence on their computer. No click required -- the person simply needs to visit the site.

Data published Tuesday by Cyphort, a malware detection company, suggests that malvertising incidents rose 300% year-over-year in 2014. Display and video ads are not the only conduit for the malware. Search ads that lead to landing pages can inadvertently affect consumers.

One attack that the company identified in January 2015 compromised the AOL Ad-Network and led to major Web sites displaying malvertising, such as HuffingtonPost.com, FHM.com, theindychannel.com, LAWeekly.com and weatherbug.com. 

Another originated in February 2015 from the Indonesian gadget and technology site Gopego.com. The malicious advertisement redirected users to other malicious links and eventually downloaded CryptoWall, which encrypts user files, then demands that victims pay $500 dollars using Bitcoin to receive the decryption key that allows them to recover their files. It also displays a countdown of 168 hours to pay the ransom. If the victim does not pay, the price increases to $1,000. 

A common misconception remains that site visitors must click on ads to beome infected. To infect someone's computer, HTML-based Javascript or Flash-based ActionScript covertly routes the browser to a different server hosting an exploit kit or malware. With real-time bidding, malicious advertisements can remain hidden for extended periods of time. The ad can go live in a specific geographic location at a particular time.

"Online ads appear to be an image hosted on the website, but they are neither hosted on that website nor just an image," per the study. "Ad networks, which are not under the control of the host website, decide which ad to send you, but often do not actually deliver the ads. Instead, the ad networks instruct your browser to call a server designated by the advertiser."

The report also points to data from the Online Trust Alliance Research, Cisco's Annual Security Report, and Google. The Online Trust Alliance research estimates that by 2013 malvertising rose to more than 209,000 incidents and generated over 12.4 billion malicious ad impressions, which is more than four per each person using the Internet.

Cisco’s Annual Security Report found that online ads were the second-most common source of Web malware encounters, accounting for 16% of incidents, and Google published Fighting Bad Advertising Practices on the Web, 2014 Year in Review report, in which half a billion bad ads were filtered 2014,000 malware Web sites were disabled.

1 comment about "Malvertising Up 300% In 2014, Spreading Cross-Channel Through Search Ads, Display, Video ".
Check to receive email when comments are posted.
  1. George Gretser from MediaMax Network, August 26, 2015 at 9:24 a.m.

    Another nice thing about print: no viruses or malware!

Next story loading loading..