By Indusface Research Team

After iCloud massacre

Online Banner Advertising – A source for Additional Revenue Generation

Online banner advertising began in the early 1990s as page owners sought additional revenue streams to support their content. Every popular website tries to generate revenue by setting aside a particular space on its webpages and renting it to network marketers. The Google Display Network is one such strong group of more than a million websites, videos, and apps through which Google displays third-party ads. Unfortunately, the website owner has limited control over the ads running in that shared space.

Google’s DoubleClick: A lucrative ‘carrier’ for Cybercriminals!

DoubleClick is the ad technology foundation of Google, which aims to create, transact, and manage digital advertising for the world’s buyers, creators and sellers. Advertisers and agencies use DoubleClick’s digital ad management platform to strengthen and simplify complex online campaigns. Apart from delivery, DoubleClick also provides strong analytical features through multiple enhancements or plug-ins that help marketers formulate and evaluate targeting techniques. These data-driven insights and features have given Google’s DoubleClick an edge over its competitors, and it has become hugely popular among marketers and agencies.

But as the saying goes, ‘you need to pay a price for popularity and success’: cybercriminals have begun to piggyback on Google DoubleClick’s ‘reach’ to hit their targets too!

Zemot Malware – The Malware spread by DoubleClick ad servers

According to a recent report, cybercriminals have exploited the power of two online advertising networks, Google’s DoubleClick and the popular Zedo advertising agency, to deliver malicious advertisements to millions of internet users that could install malware on a user’s computer. A number of websites, including The Times of Israel, The Jerusalem Post and the music streaming website, have become victims and are serving malicious advertisements designed to spread the recently identified Zemot malware.

The first impressions came in late August, and by now millions of computers have likely been exposed to Zemot, although only those with outdated antivirus protection were actually infected. According to the report, the malicious advertisements lead users to websites containing the Nuclear exploit kit, which looks for an unpatched version of Adobe Flash Player or Internet Explorer running on the victim’s system. If it finds one, it downloads the Zemot malware, which then communicates with a remote server and downloads a wave of other malicious applications.

The Zemot malware focuses on computers running Windows XP, although it can also infect more modern operating systems running on x86 and 64-bit machines. The malware can easily bypass the security software installed on the system before infecting computers with additional malware, which makes it difficult to identify.

‘Malvertising’- Whom to blame?

Malware served through ad units (or “malvertising”) is nothing new, but this incident is notable because of the unusually broad reach of the attack. This has become possible due to the sharp increase in online display advertising fuelled by Google DoubleClick’s reach. Google has confirmed the breach, shut down all the affected servers that were redirecting malicious code, and disabled the ads that delivered malware to users’ computers.

We strongly believe this is a wake-up call to all stakeholders in online advertising. Publishers need to be more aware of the ads they are displaying on their websites, network marketers need to scan landing web pages for malware before displaying them on their network sites, and end users need to use the latest, updated software and plugins.