Advertising network takes on malvertisers

Attackers use real-time bidding platforms to place malicious ads on otherwise reputable sites

malware

In the war between malvertisers and legitimate advertising networks, the bad guys seems to be winning. Attackers use real-time bidding platforms to place malicious ads on otherwise reputable sites, infect target users and disappear -- often before anyone has even noticed that there's a problem, according to a new report by Fairvax, Vir.-based security firm Invincea, Inc..

Attackers can use the targeting features offered by advertising networks to zero in on victims based on which operating systems and browsers they use, based on their interests, based on their geographic locations, and even based on specific corporate IP ranges.

When the attackers target a wide range of people on a popular website, the malvertising will be noticed and shut down. But if the victims are very narrowly targeted, the attackers can switch out the malvertising for a legitimate ad as soon as their intended victims are infected, and nobody might notice at all.

End users and the companies where work aren't the only victims. The publishers suffer when word gets out that their websites are delivering malicious ads. So do the adverting networks -- not only do they often get paid with stolen credit card numbers, but they also lose out when publishers switch to other networks.

According to Invincea, the malicious ads appear on legitimate sites, so they don't show up on blacklists. Plus, advanced malvertisers have begun using Flash-based exploits that insert code directly into device memory, bypassing malware interception appliances.

The best way to stop malvertising, according to Invincea, is at the source -- preventing bad actors fro purchasing advertising in the first place.

To continue reading this article register now

  
Shop Tech Products at Amazon