Slashdot Mirror

← Back to Stories (view on slashdot.org)

Online Ads Are More Dangerous Than Porn, Cisco Says

Posted by samzenpus on from the watch-what-you-click dept.

wiredmikey writes "The popular belief is that security risks increase as the user engages in riskier and shadier behavior online, but that apparently isn't the case, Cisco found in its 2013 Annual Security report. It can be more dangerous to click on an online advertisement than an adult content site these days, according to Cisco. For example, users clicking on online ads were 182 times more likely to wind up getting infected with malware than if they'd surfed over to an adult content site, Cisco said. The highest concentration of online security targets do not target pornography, pharmaceutical, or gambling sites as much as they affect legitimate sites such as search engines, online retailers, and social media. Users are 21 times more likely to get hit with malware from online shopping sites and 27 more times likely with a search engine than if they'd gone to a counterfeit software site, according to Cisco's report (PDF). There is an overwhelming perception that people get compromised for 'going to dumb sites,' Mary Landesman, senior security researcher at Cisco, told SecurityWeek."

46 of 110 comments (clear)

  1. TFA got the probabilities backward by phaunt · · Score: 4, Informative

    The summary, and the Security Week article, write that "Users are more 21 times more likely to get hit with malware from online shopping sites than if they'd gone to a counterfeit software site".

    Cisco's report says that "Online shopping sites are 21 times more likely to deliver malicious content than counterfeit software sites."

    Those statements are not equivalent. Online shopping sites have many more visitors than counterfeit software sites, so they have more opportunity to deliver malware. The same goes for the factor of 27 for search engines.

    Also, it's hard to check the factor of 182 for adult sites, since the report doesn't include that number, or in fact even the words "porn" or "adult".

    1. Re:TFA got the probabilities backward by phaunt · · Score: 4, Insightful

      ...and Slashdot's title for the story that "Online Ads Are More Dangerous Than Porn" takes it still a level further. It's certainly not what Cisco said.

    2. Re:TFA got the probabilities backward by Errol+backfiring · · Score: 2

      Sure, but it's what we probably wanted to hear.

      Now go tell it to the politicians and mention the children. Maybe the privacy-invading criminals finally get punished. I won't be holding my breath though.

      Appropriate quote from Sir Winston Churchill:

      'Statistics are like a drunk with a lamppost, used more for support than illumination.'

      --
      Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
    3. Re:TFA got the probabilities backward by Anonymous Coward · · Score: 4, Interesting

      It is exactly what Cisco said see here: http://www.cisco.com/en/US/prod/vpndevc/annual_security_report.html

    4. Re:TFA got the probabilities backward by wvmarle · · Score: 1

      Where Cisco's wording is really ambiguous. Deliver may mean indeed as you interpret it, the total number of successful infections, it may also mean the chance that if you visit that site, it gets you infected, which indeed would be my interpretation of the wording Cisco uses.

      And now I'd have to go read the report and look at the actual numbers and methodology they used, to figure out the actual meaning.

    5. Re:TFA got the probabilities backward by L4t3r4lu5 · · Score: 2

      Slashdot "editor" utilises hyperbole in post title in click whore shocker!

      More at 11, and tomorrow, and the day after, and the day after that...

      --
      Finally had enough. Come see us over at https://soylentnews.org/
    6. Re:TFA got the probabilities backward by K.+S.+Kyosuke · · Score: 1

      Those statements are not equivalent

      They're completely equivalent. The "than if they'd gone to a counterfeit software site" part takes care of that.

      --
      Ezekiel 23:20
    7. Re:TFA got the probabilities backward by Ol+Olsoc · · Score: 2
      What is your dog in this fight?

      I'll assume that you hit the wrong link, and read something else, so here is from the article:

      It can be more dangerous to click on an online advertisement than an adult content site these days, Cisco said in its latest version of the yearly security threat report.

      An adult content website - that's probably porn.

      The highest concentration of online security targets do not target pornography, pharmaceutical, or gambling sites as much as they affect legitimate sites such as search engines.....

      Are you going to wordsmith this one> Yeah, it doesn't say "porn". It says "pornography. The section you quoted, below the sentence with pornography in the text, does speak of the counterfeit software site.

      But you know why they used the "counterfeit site metric don't you? Because of the uproar that would ensue if they used actual data from porn surfing. And probably the glut of resumes too.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  2. Re:Risky != Risky??? by GiantMolecularCloud · · Score: 2

    You would actually become safer.

  3. Re:Risky != Risky??? by phaunt · · Score: 4, Informative

    What Cisco's report actually said is that behaviour often perceived as "safe" (such as online shopping) carries more risk than generally thought.

  4. Re:Risky != Risky??? by Anonymous Coward · · Score: 1

    They meant risqué vs risky?

  5. Why is this even news? by Anonymous Coward · · Score: 4, Insightful

    It has been known for a long time that ads are a primary malware vector, this is the reason many sane people block them.

    1. Re:Why is this even news? by RR · · Score: 2

      It has been known for a long time that ads are a primary malware vector, this is the reason many sane people block them.

      That is not the primary reason why I block ads. I block ads because I can't stand all the dancing, jiggling, flashing, gray overlays, slowdowns, green links, and noises, when I want to read something. If I incidentally block all the ads, well, I don't have the time to make my own ad block list that blocks only the bad ad providers. I tried it before, and I'm not convinced that there are any benign ad services.

      --
      Have a nice time.
    2. Re:Why is this even news? by rusty0101 · · Score: 1

      I would think that the problem here is that the people who this information would potentially protect, are unlikely to be people who would read the report to begin with.

      The real beneficiaries of a report like this from Cisco is the firewall manager who needs to explain to the management team why the corporate firewall needs to be blocking online shopping sites, but he or she has been advised not to remind management that in most cases corporate productivity will probably go up if the employees are not shopping at Amazon or B&N when they should be working on whatever their day to day job is supposed to be.

      --
      You never know...
  6. PAID online porn is safe... by K2tech · · Score: 5, Funny

    Well thats what I heard...from a friend...he doesn't have that many accounts...

  7. Thanks Google by Vladius · · Score: 2

    I've noticed similar shadyness with Google ads and just about all "sponsored content" you see on websites. You see the bullshit tags like "Doctors angered at woman's self treatment" or links to sites that seem to do nothing more than try to scare you to invest. The internet is full of bullshit. Somehow, for some reason Google is one of the richest companies in the world because of it. I'd like to know, who actually clicks on this shit.

    1. Re:Thanks Google by History's+Coming+To · · Score: 5, Interesting

      Did you check out Google's information on government/police/court requests for info and takedowns in the UK? Around 4,000 incidents in total, and over 2,000 of them were regarding AdWords. Not Youtube, or Blogger, or G+ or Google Pages, but AdWords. Looks like they're well aware of the problems, to the point of government agencies taking regular action over it. Thing is, this is the thing that makes them an enormous amount of money...

      Full breakdowns by country here

      --
      Please consider this account deleted, I just can't be bothered with the spam anymore.
  8. Let's get rid of online ads then. by Anonymous Coward · · Score: 1

    Let's get rid of online ads then.

  9. No surprise there, really. by wvmarle · · Score: 1

    It is long known that ads may contain malicious parts - especially bits of javascript. It happened before that major ad servers got compromised, it will happen again. I recall reports that some ads were trying to infect an unsuspecting user directly, and such ads are displayed on sites all over the place, including personal blogs and lolcat sites.

    When clicking an ad you don't really know which site you're going to be sent to. When visiting a porn or a warez site, you normally go there intentionally. Those sites are considered risky (especially the free ones - that use free porn/software to attract visitors - and somehow still have a desire to generate income), so many visitors will be more vigilant and may take extra precautions even.

    And ads will likely have a greater reach. I think it's safe to assume that many more people visit general sites with ads, than visit porn/warez sites. Greater chance to find a vulnerable system. More chance for someone to (accidentally) click the ad, and have them redirected to a malware site.

    The only somewhat surprising part is where online shopping sites are named as a major source of infection. Those sites have a reputation to keep up, or they will lose business. And as they are shopping sites, their income comes from direct sales, so there is no need to display third-party ads for revenue.

  10. watch... by Anonymous Coward · · Score: 1

    next week cisco unveils a new enterprise-caliber ad-scrubbing internet gateway...

  11. This is why I block ads by jbmartin6 · · Score: 5, Insightful

    This was always my response to the 'it is immoral to block ads' argument. I always said that if blah.com is hosting the ads itself I would be willing to allow them but as long as the content is from some unknown domain that I haven't chosen to trust, forget about it.

    --
    This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
    1. Re:This is why I block ads by deains · · Score: 1

      So do you block ads, or block content from unknown domains?

    2. Re:This is why I block ads by green1 · · Score: 2

      My ad blocking is accomplished by my DNS server, so it's not so much unknown domains as domains known to serve nothing but ads.

    3. Re:This is why I block ads by jbmartin6 · · Score: 1

      Not sure if this was your point or not, but I use Adblock. I am not that familiar with how it works, so it might be blocking some ads hosted by the same domain. In which case I would be an unwitting hypocrite. I'll probably check up on that at some point.

      --
      This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
    4. Re:This is why I block ads by DMUTPeregrine · · Score: 1

      I block ads via noscript and request policy, not via adblock. So content from untrusted domains gets blocked, but not ads hosted by the site itself.

      --
      Not a sentence!
  12. Re:Or how about we just make secure browsers by thunderclap · · Score: 1

    Seriously, what year is this? If websites can still drop an executable onto a users machine with nothing more than a drive-by then clearly the problem is much more than just a question of ads of no ads. Why do operating systems and browsers still suck?

    Because Microsoft hasn't finished committing suicide yet. When IE finally approaches 0% then the suckage will start to lift.
    Oh before you bitch about Microsoft bashing, they just killed off Direct X. Ballmer is driving it into the ground faster than an exploding 787 battery.

  13. I have been saying this for a long time by erroneus · · Score: 4, Informative

    I consider "Adblock" and similar browser and computer add-ons to be *security* tools as much as bandwidth and other management.

    Since the first time I noted browser exploits coming across common news and sales sites, I realized that the current model requires not trust of the sites we visit, but of the advertiser's sites... you know, like google and double-click and the others. I don't want to trust "unknowns" and so I block them unless I need them unblocked for access.

    1. Re:I have been saying this for a long time by Bieeanda · · Score: 2

      What's worse is that ad networks will trade space between themselves. Even if a site is conscientious about the ads they show and the networks they're affiliated with, malware-laden ads can still filter through because of that promiscuity.

    2. Re:I have been saying this for a long time by drinkypoo · · Score: 2

      I don't want to trust "unknowns" and so I block them unless I need them unblocked for access.

      If I have to unblock too many sites, I just don't use a site. Problem solved. Anything actually requiring doubleclick is evil and must be destroyed.

      Adblock and Noscript are necessities for security in a world in which the browser can't provide an adequate sandbox, which is the world we live in.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  14. Don't Click On Me. by TheRealHocusLocus · · Score: 3, Funny

    Actual context sensitive Google ads that I was too terrified to click on:

    "Ball lightning: Browse a huge selection now. Find exactly what you want today."

    "Ann Coulter Ringtone! Send this ringtone to your phone right now!"

    Made me toss my browser cookies it did. After you toss your cookies these things stop for awhile, then build once again to a crescendo. Lately I have been getting ads with garden gnomes leering suggestively.

    --
    <blink>down the rabbit hole</blink>
    1. Re:Don't Click On Me. by TheRealHocusLocus · · Score: 1

      Some years back I wrote a small essay about another potential scenario... not the generic malware threat but one targeted to certain individuals. If you have a secret to keep that is worth killing to protect, you buy some specific Google ad-words that attract the attention of independent investigators out there who might be getting close to the mark. Lure them in by presenting a false front and inviting collaboration. Then go for the kill and make it look like an accident. Hocus Locus: Information Land Mines

      --
      <blink>down the rabbit hole</blink>
    2. Re:Don't Click On Me. by Anne+Thwacks · · Score: 1

      Never underestimate the attraction of a suggestively leering gnome to the truely gullible!

      --
      Sent from my ASR33 using ASCII
  15. Re:Risky != Risky??? by nickybio · · Score: 1, Funny

    You hit the nail on the head. We should do everything we can to avoid anal dissection.

  16. Re:DNS = faulty (hosts fix it)... apk by nickybio · · Score: 2

    Please stop with the long, self-advertising posts. There's no doubt you are amazing and should start your own blog.

  17. What's an ad by isorox · · Score: 1

    Isn't this an advert for some cisco snakeoil?

  18. What About Ads INSIDE the Porn Pages? by retroworks · · Score: 3, Funny

    Would the risks cancel each other out?

    --
    Gently reply
  19. Re:Just Chill Out Already by Jeng · · Score: 2

    If your responses weren't canned and also formatted in such a way that you believe your target audience is capable of no thought then you might not get modded down so much.

    Really your comments look like something an adman on bath salts would come up with, you are two bolded sentences away from being the Time Cube guy.

    Relax, just provide a place for people to start, or if you want to provide more information a single link to a guide will suffice. Oh, and you really should just go back to using an actual account instead of AC.

    --
    Don't know something? Look it up. Still don't know? Then ask.
  20. Re:Just trying to be safe.. by Anne+Thwacks · · Score: 1

    Mod parent +1:???

    --
    Sent from my ASR33 using ASCII
  21. Re:Opinions vary (243++:1) on my posts quality by Jeng · · Score: 1

    Giving people information is not a contest to see who can cram the most information down someones throat in the least friendly way.

    It might be possible that there may be some useful information in your posts, but I would never know because you have to be a bit insane to be able to put up with how you present said information.

    Think about how much information I just gave you in two little sentences, then look at your posts and try to distill that information into the shortest amount of words you can and I am sure your posts would only amount to around 2 well thought out paragraphs with perhaps 3 links total.

    Mainly since I don't see you disprove my points validly on custom hosts files value over DNS, AdBlock & Ghostery - period!

    There was no attempt to disprove the information in your posts. You made a post complaining about being down modded, I attempted to give you information that would help you not get down modded. Granted, I could have used more tact, but there was no attempt to disprove what you wrote.

    --
    Don't know something? Look it up. Still don't know? Then ask.
  22. Let's calculate by Fuzzums · · Score: 1

    So. watching porn all year is just as dangerous as clicking two ads.

    --
    Privacy is terrorism.
  23. Re:You're outnumbered by your /. peers by Jeng · · Score: 1

    Considering you did not reference my post at all in your "rebuttal", why did you even bother replying?

    I'm trying to interact with you in the hopes of finding out if there is an actual human being on the other end, and if there is one, perhaps help that person.

    --
    Don't know something? Look it up. Still don't know? Then ask.
  24. Re:Why should I? You're OFF-TOPIC, troll! by Jeng · · Score: 1

    Have fun celebrating your victory.

    You have slayed the mighty troll.

    The troll that replied to you when you asked why you were down modded.

    The troll that honestly tried to give you advice.

    btw, I did look over your short list of non hostfile +5 moderated posts and they were not your usual copy/paste-athons with a ton of bolded lines and links to other posts. Your +5 moderated non-host file posts were more ontopic than most of your posts and more human.

    But yes, I am a troll, I am not trying to help, you have won, enjoy yourself.

    --
    Don't know something? Look it up. Still don't know? Then ask.
  25. Re:DNS = faulty (hosts fix it)... apk by green1 · · Score: 1

    Considering how often this troll has posted that in this article alone (let alone the million other places) I don't see him changing any time soon. Of course using a hosts file is a better solution for people who have one single computer that connects to all sorts of networks. But for my particular situation it is just not ideal, and the DNS server offers a whole bunch of advantages, and almost no disadvantages.
    For me, I administer one list on the DNS server, and it covers all my family's computers, all our cell phones, tablets, and any other internet connected devices. As I'm running the server for other things anyway it costs me nothing.
    Although I do have to do some small amount of administration myself, it beats trusting any other application to do it, especially one spamvertised on some random internet site...

  26. Users more likely to get hit with malware? by dgharmon · · Score: 1

    'Users are 21 times more likely to get hit with malware from online shopping sites and 27 more times likely with a search engine than [if they weren't using Windows] ..

    --
    AccountKiller
  27. Re:Considering how often downmodding trolls by green1 · · Score: 1

    wow.... and the troll just will not give up... completely ignores everything I said, and wants to force his inferior system on the world. too bad the troll is too cowardly to log in.

  28. Re:I don't require advice that's off-topic by Jeng · · Score: 1

    You are the one who started this off-topic discussion about what you consider unfair down mods. I am staying on the topic of discussion you started, you are the one going off-topic. =P

    Fine, what do you think of the hostfile modifications that Spybot does? Is their list comprehensive enough?

    --
    Don't know something? Look it up. Still don't know? Then ask.