Slashdot Mirror

← Back to Stories (view on slashdot.org)

Malvertising Up By Over 200%

Posted by samzenpus on from the protect-ya-neck dept.

An anonymous reader writes "Online Trust Alliance (OTA) Executive Director and President Craig Spiezle testified before the U.S. Senate's Homeland Security and Governmental Affairs Permanent Subcommittee on Investigations, outlining the risks of malicious advertising, and possible solutions to stem the rising tide. According to OTA research, malvertising increased by over 200% in 2013 to over 209,000 incidents, generating over 12.4 billion malicious ad impressions. The threats are significant, warns the Seattle-based non-profit—with the majority of malicious ads infecting users' computers via 'drive by downloads,' which occur when a user innocently visits a web site, with no interaction or clicking required."

4 of 174 comments (clear)

  1. Re:Disable Javascript already! by Katatsumuri · · Score: 1, Informative

    I find NoScript extension convenient.

  2. Re:It's one of many reasons why Adblocking is mora by pushing-robot · · Score: 3, Informative

    I think he's saying all content needs to be either paywalled or made or sponsored by the wealthy and powerful.

    --
    How can I believe you when you tell me what I don't want to hear?
  3. Re:It's one of many reasons why Adblocking is mora by Nethead · · Score: 4, Informative

    Or is this site supported by the Bandwidth Pixies?

    At one point, yes. I was one of them. I worked at an ISP and we gave Rob Malda a Pentium Linux box (slackware, IIRC) to host images.slashdot.org when his T1 started getting full. We gave Slashdot free hosting and bandwidth for about 2-3 years, until he moved on to other servers.

    --
    -- I have a private email server in my basement.
  4. Re:what a stupid article by GIL_Dude · · Score: 4, Informative

    While your definitions are correct, a lot of drive by downloads happen when you visit otherwise trusted pages - because the ad network servers either got successfully breached or they didn't vet their advertisers well enough (again). For example - go to cnn.com today and view the source of the page. ads.indeed.com, doubleclick.com, etc. All of these ad networks have had serious issues with serving malicious advertisements from time to time. They will allow someone's ad that uses a malware kit attacking all the Java, Flash, Adobe Reader, etc. vulnerabilities that are out there. People shouldn't get drive by downloads just because they visited what should be a trustworthy site. So yes, drive by downloads can and do come from what are supposed to be ads. They are purchased via legitimate ad networks and run on many sites.