How Malvertising Abuses Real-Time Bidding On Ad Networks

msm1267 writes Dark corners of the Internet harbor trouble. They're supposed to. But what about when Yahoo, CNN.com, TMZ and other busy destination sites heave disaster upon visitors? That's the challenge posed by malvertising, the latest hacker Golden Goose used in cybercrime operations and even in some targeted attacks. Hackers are thriving in this arena because they have found an unwittingly complicit partner in the sundry ad networks to move malicious ads through legitimate processes. Adding gasoline to the raging fire is the abuse of real-time ad bidding, a revolution in the way online ads are sold. RTB enables better ad targeting for advertisers and less unsold inventory for publishers. Hackers can also hitch a ride with RTB and target malicious ads on any site they wish, much the way a legitimate advertiser would use the same system.

Anonymous advertisers

[kurkosdr]

Ahh... The joys of having anonymous advertisers, even on well-known sites: Not only some of the ads are of questionable legality, but some of them may actually hurt you. THIS is why AdBlock Edge is a security policy, not an adblocking policy. Don't give me the "freeloader" talk. Either host your own ads and be responsible for them, or partner with reliable ad agencies (and maybe I will unblock them).

Re:Meh

[Noah+Haders]

Reason number 48372534786 why it's better just to universally block advertisements on the internet.

Apple has been leading on this front with several initiatives to protect users from malicious ads. One of them was a setting in Safari to only accept cookies from the first-party site, so when you go to cnn.com the browser accepts a cookie from cnn.com but not from malvertiser.com, who has a banner ad on the site.

This upset google because it cut into their business model of selling effective ad space. So google inserted malicious code into webpages to hack the safari browser and override security settings so it could download unwanted and potentially malicious files onto users computers. Because of this, google received the biggest fine in FTC history and is being sued for privacy violations in the UK.

Think about this for a second, and what it means. A website overriding browser security settings to serve unwanted and possibly malicious files. This is outrageous and unethical, and if it were Microsoft then the entire internet community would be enraged. Also think about it in light of this article on malvertisements, which google was actively propagating.

Apple has since taken the cat and mouse game further, so the setting is "allow from current website only". I expect malvertisers to scramble to overcome this block, but I hope that legitimate respected top tier internet companies act a little more ethically.

Re:Meh

[sconeu]

Yeah, Apple *really* led with that. Firefox has had a "block third party cookies" setting since day one.