• by Steve Smith  @popeyesm, March 6, 2014

Here is a story no mobile marketer wants to hear. Every desktop user knows that navigating to a porn site is an open invitation for drive-by downloads and other malware to be installed on your PC. But on smartphones and tablets now, it is the ads that will infect you. According to Blue Coat Security, which analyzed data from more than 75 million users worldwide, one in every five times a user was directed to mobile malware, it came from an ad.

The company found a significant uptick in malicious activity on devices initiated by the ad ecosystem -- 18.69% in February 2014, up from only 5.69 in November 2012. Pornography went from initiating 22.16% of threats more than a year ago to 16.68% last month. “In February 2014, Web ads represented the single biggest threat vector for mobile users,” the Blue Coat report states. The rate at which mobile Web ads are pushing people toward malware has tripled since November 2012. On the desktop, search engines and email are responsible for many of the links that lead people to malware. On devices search referrals to bad actors is trivial, happening only 3.13% of the time.

Blue Coat clarifies that mobile infections are different from desktop intrusions. Mobile is not subject generally to drive-by background malware downloads that can occur on the desktop without user awareness or interaction. Instead, mobile infection depends on human engineering, a deceptive email or ad that pushed people to a download or online presence that prompts them to change security settings and open up their device for unwanted installations and Trojan uses. The weak link is an unregulated ad network ecosystem where Blue Coat finds it is easy to trick ad servers into deploying malicious ads.

Still, overall, pornography is much more dangerous to mobile security than ads in that the genre represents less than 1% of requested content, but it alone is responsible for 16% of attacks.

Blue Coat says that most malware on smartphones and tablets is still relatively basic. The unwitting download of unwanted apps and unintended subscription to premium SMS programs remain the chief culprits as opposed to viral outbreaks. Unwanted app downloads can bring with it comprehensive analytics of user behavior and possible interception of data. The apps put privacy at risk. And the lack of transparency “also makes it impossible for users to make risk-based decisions about the apps they want to use and the information they want to share,” the report says.