Slashdot Mirror

← Back to Stories (view on slashdot.org)

How Malvertising Abuses Real-Time Bidding On Ad Networks

Posted by samzenpus on from the rotten-apples dept.

msm1267 writes Dark corners of the Internet harbor trouble. They're supposed to. But what about when Yahoo, CNN.com, TMZ and other busy destination sites heave disaster upon visitors? That's the challenge posed by malvertising, the latest hacker Golden Goose used in cybercrime operations and even in some targeted attacks. Hackers are thriving in this arena because they have found an unwittingly complicit partner in the sundry ad networks to move malicious ads through legitimate processes. Adding gasoline to the raging fire is the abuse of real-time ad bidding, a revolution in the way online ads are sold. RTB enables better ad targeting for advertisers and less unsold inventory for publishers. Hackers can also hitch a ride with RTB and target malicious ads on any site they wish, much the way a legitimate advertiser would use the same system.

8 of 113 comments (clear)

  1. It's all automated by Anonymous Coward · · Score: 2, Insightful

    The second you take the human out of the loop on who approves something going into production, you open up a huge avenue of risk: that the automation will put something you don't want out on the Web.

  2. plagiarism by sribe · · Score: 4, Insightful

    Direct copy-and-paste from an article should be quoted, to make it clear that in fact msm1267 wrote nothing at all.

    Sigh, OTOH, at least the "summary" is not a gross misrepresentation, like so many others.

    1. Re:plagiarism by Noah+Haders · · Score: 3, Insightful

      if it were my summary I would definitely attribute it to somebody else, because it makes absolutely no sense. what does this mean? "But what about when Yahoo, CNN.com, TMZ and other busy destination sites heave disaster upon visitors?" what does the rest of the summary mean?

  3. clean your own stable first by Thud457 · · Score: 4, Insightful

    I'm sorry. Please explain to me again how I'm stealing food from "content creator"'s mouths by running addblock. And why I hate freedom for making Flash click to play.

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

  4. Why not restrict all ads to GIFs or JPGs? by Anonymous Coward · · Score: 3, Insightful

    Users getting malware infection from ads is a really big problem even when you never click on them.
    Why not restrict all ads to GIFs (static or animated) and JPGs?

  5. Why don't they recompress all the images? by Ambassador+Kosh · · Score: 3, Insightful

    Aren't most exploits removed by loading the image and then recompressing it? Why would you ever serve the raw binary for an image at least that was directly given to you by an advertiser? Isn't that just asking for an exploit?

    I understand flash is much harder to deal with. Maybe the ad networks need some kind of template for allowed flash so they can take the flash file, take it apart, recompress all the images in and and then load it into their own template so that any exploits in it are probably removed.

    --
    Computer modeling for biotech drug manufacturing is HARD! :)
  6. No one cares by Runaway1956 · · Score: 3, Insightful

    Absolutely NO ONE cares that some individual blogger makes a dollar from his blogging. Not the readers, not the corporations, not your ISP/host, not even the government, NO ONE. None of us gives a small rat's ass. But, yes, you CAN negotiate with some advertiser whom you deem to be reputable, and not suck at the Google teat, or whatever. Host your own ads, or I won't see them, it's really that simple. All the big ad servers are blocked on my machines.

    Reliable ad agency? Yeah, I gotta agree, that's kinda funny. It may even qualify as a full fledged oxymoron.

    --
    "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
  7. Re:Meh by Anonymous Coward · · Score: 2, Insightful

    but never as the default.