Cybercriminals earning 25k$ a day through Malware infected Advertisements

Malicious advertising, more popularly known as Malvertising, refers to any online advertising network, which is infected by malware-infested advertising, camouflaged with legitimate advertising. These online advertising channels are used by cybercriminals to introduce malware into computers, by embedding legitimate ads with malicious codes on popular and trusted websites.

The fact that these online ads can be inserted into websites that are reputed and trusted by users, helps the cybercrooks in getting an opportunity to facilitate and push their attacks to internet users who otherwise might not have been exposed to these ads due to various safety precautions they might be taking. Malvertising, with little effort, is able to affect more people, hence is a lucrative choice of attack for hackers.

Another advantage that hackers have from using Malvertising as their method of attack is that it spreads malware into the system without much action required from the target’s end. It does not require the target to click on the infected ad or creep in through the existing vulnerabilities of the system. Malware from infected ads can silently creep into the affected system, without any other addition vector needed.

Malvertising rocks the world

In 2012, approximately 10 bn ad impressions were compromised by malvertising. This number has since only grown, and the ease with which Malware infected ads can infect even the most cautious users has added to this.

In January 2014, Yahoo’s advertising servers were compromised to deliver malware to Yahoo site visitors. Fox-IT discovered this incident and also reported that in January 2014, some 300,000 users were exposed to infected ads with some 9% estimated to have been affected.

News in September 2014, reported that If you were the visitor to any of the following websites, amazon.com, yahoo.com, youtube.com, and some 74 more odd domains, then you may have fallen prey to the “Kyle and Stan” Malvertising Network that is responsible for distributing sophisticated, mutating malware for Windows and Macs.

In October 2014, it was reported by some security researchers that cybercriminals were caught making approximately $25,000 a day, through malware-infected ads.

In the data overload world, we live in today, it’s extremely easy to find information about new discounts and offers, without even looking for them. The ads are bombarded at you through the advertisements that you visit off and on, but when you visit these sites, you get more than what you bargained for. It’s essential that you understand the steps that are needed to protect you from this malware infection.

How to protect from Malvertising?

1. Some basics involve not clicking on pop-ups claiming you are the n^th visitor and have won an iPad/iPhone/anything else that appeals to you. It’s very tempting to click on them, but trust me, the only thing you win is the “must be avoided” attention of some very dangerous malware.
2. Update your software periodically. Have the latest patches and updates not only for your OS but also for software and Internet browsers. All reputed and trusted software (we hope you use only the trusted ones, and if you don’t, well, then you must!) come up with security updates regularly, and inform you of the same. Do not ignore them.
3. Take help from the experts. There are many internet security software that scan and detect malicious ads, trace their source, and provide immediate alerts. Some malware protection solutions also identify zero-day malvertising on a daily basis.
4. Weekends, festivals, shopping seasons – be more cautious of malvertising campaigns during these.
5. For enterprises: Malvertising affects your business as well as reputation. If you are accepting advertising, you need to be more cautious about this. Enterprises should invest in a good security solution, which protects their online environment from malware-infected ads.