Cybercriminals were recently caught making approximate $25,000 a day, through malware-infected ads that they threw at unsuspecting users through popular sites like Yahoo, and others. This malvertising campaign that was on run for over two months, would have continued to prosper if it wasn’t brought to limelight by some security researchers. Malvertising, initially not much thought of, is increasingly becoming a rising security threat-one that needs to be dealt with persistently and swiftly.
Malicious advertising, more popularly known as Malvertising, refers to any online advertising network, which is infected by malware infested advertising, camouflaged with legitimate advertising. These online advertising channels are used by cybercriminals to introduce malware into computers, by embedding the legitimate ads with malicious codes on popular and trusted websites.
The fact that these online ads can be inserted into websites that are reputed and trusted by users, helps the cybercrooks in getting an opportunity to facilitate and push their attacks to internet users who otherwise might not have been exposed to these ads due to various safety precautions they might be taking. Malvertising, with little effort, is able to affect more people, hence is a lucrative choice of attack for hackers.
Another advantage that hackers have from using Malvertising as their method of attack is that it spreads malware into the system without much action required from the target’s end. It does not require the target to click on the infected ad or creep in through the existing vulnerabilities of the system. Malware from infected ads can silently creep into the affected system, without any other addition vector needed.
In 2012, approximately 10 bn ad impressions were compromised by malvertising. This number has since only grown, and the ease with which Malware infected ads can infect even the most cautious users has added to this.
In January 2014, Yahoo’s advertising servers were compromised to deliver malware to Yahoo site visitors. Fox-IT discovered this incident and also reported that in January 2014, some 300,000 users were exposed to infected ads with some 9% estimated to have been affected.
A news in September, 2014, reported that If you were the visitor to any of the following websites, amazon.com, yahoo.com, youtube.com, and some 74 more odd domains, then you may have fallen a prey to the “Kyle and Stan” Malvertising Network that is responsible for distributing sophisticated, mutating malware for Windows and Macs.
In October 2014, it was reported by some security researchers that cybercriminals were caught making approximate $25,000 a day, through malware-infected ads.
In the data overload world, we live in today, it’s extremely easy to find information about new discounts and offers, without even looking for them. The ads are bombarded at you through the advertisements that you visit off and on, but when you visit these sites, you get more than what you bargained for. It’s essential that you understand the steps that are needed to protect you from this malware infection.
Founder & Chief Marketing Officer, Indusface
Venky has played multiple roles within Indusface for the past 6 years. Prior to this, as the CTO @indusface, Venky built the product/service offering and technology team from scratch and grew it from ideation to getting initial customers with a proven/validated business model poised for scale. Before joining Indusface, Venky had 10+ years of experience in the security industry and had held various mgmt/leadership roles in Product Development, Professional Services, and Sales @Entrust.