Get a free application, infrastructure and malware scan report - Scan Your Website Now

Subscribe to our Newsletter
Try AppTrana WAAP (WAF)

Managed WAF

Starts at $99

Guided onboarding, monitoring of latency, false positives, and DDoS attacks, custom rules, and more

Try Free For 14 Days

Cybercriminals earning 25k$ a day through Malware infected Advertisements

Posted DateNovember 12, 2014
Posted Time 3   min Read

Cybercriminals were recently caught making approximate $25,000 a day, through malware-infected ads that they threw at unsuspecting users through popular sites like Yahoo, and others. This malvertising campaign that was on run for over two months, would have continued to prosper if it wasn’t brought to limelight by some security researchers. Malvertising, initially not much thought of, is increasingly becoming a rising security threat-one that needs to be dealt with persistently and swiftly.

What is Malvertising?

Malicious advertising, more popularly known as Malvertising, refers to any online advertising network, which is infected by malware-infested advertising, camouflaged with legitimate advertising. These online advertising channels are used by cybercriminals to introduce malware into computers, by embedding legitimate ads with malicious codes on popular and trusted websites.

The fact that these online ads can be inserted into websites that are reputed and trusted by users, helps the cybercrooks in getting an opportunity to facilitate and push their attacks to internet users who otherwise might not have been exposed to these ads due to various safety precautions they might be taking. Malvertising, with little effort, is able to affect more people, hence is a lucrative choice of attack for hackers.

Another advantage that hackers have from using Malvertising as their method of attack is that it spreads malware into the system without much action required from the target’s end. It does not require the target to click on the infected ad or creep in through the existing vulnerabilities of the system. Malware from infected ads can silently creep into the affected system, without any other addition vector needed.

Malvertising rocks the world

In 2012, approximately 10 bn ad impressions were compromised by malvertising. This number has since only grown, and the ease with which Malware infected ads can infect even the most cautious users has added to this.

In January 2014, Yahoo’s advertising servers were compromised to deliver malware to Yahoo site visitors. Fox-IT discovered this incident and also reported that in January 2014, some 300,000 users were exposed to infected ads with some 9% estimated to have been affected.

News in September 2014, reported that If you were the visitor to any of the following websites, amazon.com, yahoo.com, youtube.com, and some 74 more odd domains, then you may have fallen prey to the “Kyle and Stan” Malvertising Network that is responsible for distributing sophisticated, mutating malware for Windows and Macs.

In October 2014, it was reported by some security researchers that cybercriminals were caught making approximately $25,000 a day, through malware-infected ads.

In the data overload world, we live in today, it’s extremely easy to find information about new discounts and offers, without even looking for them. The ads are bombarded at you through the advertisements that you visit off and on, but when you visit these sites, you get more than what you bargained for. It’s essential that you understand the steps that are needed to protect you from this malware infection.

How to protect from Malvertising?

  1. Some basics involve not clicking on pop-ups claiming you are the nth visitor and have won an iPad/iPhone/anything else that appeals to you. It’s very tempting to click on them, but trust me, the only thing you win is the “must be avoided” attention of some very dangerous malware.  
  2. Update your software periodically. Have the latest patches and updates not only for your OS but also for software and Internet browsers. All reputed and trusted software (we hope you use only the trusted ones, and if you don’t, well, then you must!) come up with security updates regularly, and inform you of the same. Do not ignore them.
  3. Take help from the experts. There are many internet security software that scan and detect malicious ads, trace their source, and provide immediate alerts. Some malware protection solutions also identify zero-day malvertising on a daily basis.
  4. Weekends, festivals, shopping seasons – be more cautious of malvertising campaigns during these.
  5. For enterprises: Malvertising affects your business as well as reputation. If you are accepting advertising, you need to be more cautious about this. Enterprises should invest in a good security solution, which protects their online environment from malware-infected ads.

 

web application security banner

Venkatesh Sundar

Venky is an Application Security technologist who built the new age Web application Scanner and Cloud WAF - AppTrana at Indusface as a Founding CTO. Currently, he spends his time on driving Product Roadmap, Customer Success, Growth, and technology adoption for US businesses.

Share Article:

Join 47000+ Security Leaders

Get weekly tips on blocking ransomware, DDoS and bot attacks and Zero-day threats.

We're committed to your privacy. indusface uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.

Related Posts

Startup Security
Everything Startups Need to Know About CyberSecurity

Keeping your startup safe from hackers, data loss and breaches takes more than just a firewall and antivirus software. Here is everything you need to about it.

Read More
Cybercriminals piggybacking on Google’s DoubleClick for rapid distribution
Cybercriminals Piggybacking on Google’s DoubleClick for Rapid Distribution

As per a latest report, Cybercriminals have exploited the power of two online advertising networks, Google’s DoubleClick and popular Zedo advertising agency.

Read More

AppTrana

Fully Managed SaaS-Based Web Application Security Solution

Get free access to Integrated Application Scanner, Web Application Firewall, DDoS & Bot Mitigation, and CDN for 14 days

Get Started for Free Request a Demo

Gartner

Indusface is the only cloud WAAP (WAF) vendor with 100% Customer Recommendation for 3 consecutive years.

A Customers’ Choice for 2022 and 2023 - Gartner® Peer Insights™

The reviews and ratings are in!