Slashdot Mirror
Malvertising Up By Over 200%
An anonymous reader writes "Online Trust Alliance (OTA) Executive Director and President Craig Spiezle testified before the U.S. Senate's Homeland Security and Governmental Affairs Permanent Subcommittee on Investigations, outlining the risks of malicious advertising, and possible solutions to stem the rising tide. According to OTA research, malvertising increased by over 200% in 2013 to over 209,000 incidents, generating over 12.4 billion malicious ad impressions. The threats are significant, warns the Seattle-based non-profit—with the majority of malicious ads infecting users' computers via 'drive by downloads,' which occur when a user innocently visits a web site, with no interaction or clicking required."
The others being performance and functionality related. I don't like ad's due to the security risk, and they can slow down my machine and make it very fucking hard to see the article.
If your site has harmless ad's, that is one thing.
On the other hand, if your site can only survive by being paid for with ads, you need a new business model.
If you ignore ACs because they are anonymous - you're an idiot.
> On the other hand, if your site can only survive by being paid for with ads, you need
> a new business model.
Like Slashdot, you mean? Or is this site supported by the Bandwidth Pixies?
Or is this site supported by the Bandwidth Pixies?
At one point, yes. I was one of them. I worked at an ISP and we gave Rob Malda a Pentium Linux box (slackware, IIRC) to host images.slashdot.org when his T1 started getting full. We gave Slashdot free hosting and bandwidth for about 2-3 years, until he moved on to other servers.
-- I have a private email server in my basement.
Too many web sites which run ads are buying them through a chain of multiple resellers. Under current law, the web site running the ad can usually disclaim responsibility for hostile ads. That may change. The article is about testimony before the U.S. Senate's committee on homeland security.
The site that displays the ads should be held responsible. Sites which run ads would then need to protect themselves by legal and technical means. For example, if you run ads on your site, your contract with the advertising provider should provide that they will indemify and defend you should a bad ad get through.
While your definitions are correct, a lot of drive by downloads happen when you visit otherwise trusted pages - because the ad network servers either got successfully breached or they didn't vet their advertisers well enough (again). For example - go to cnn.com today and view the source of the page. ads.indeed.com, doubleclick.com, etc. All of these ad networks have had serious issues with serving malicious advertisements from time to time. They will allow someone's ad that uses a malware kit attacking all the Java, Flash, Adobe Reader, etc. vulnerabilities that are out there. People shouldn't get drive by downloads just because they visited what should be a trustworthy site. So yes, drive by downloads can and do come from what are supposed to be ads. They are purchased via legitimate ad networks and run on many sites.
This is yet one more example illustrating precisely why ad blocking is necessary. The bloggers and others who make their living in the content business howl with righteous indignation at those of us who use these tools, but I submit that their anger is misdirected. On the contrary, it's the advertising networks who rightly deserve their wrath for allowing their business to become a cesspool of infectious viruses, worms and frankly worthless crap. Indeed, it seems that their motto is, "our advertising services are the right thing for anyone with a credit card, no questions asked." So I ask you, why should visiting your site without ad and script blocking enabled be akin to walking into the darkest corner of the bathhouse, bending over and letting everyone have their way with nary a condom nor a reach around in sight?