How Malvertising Abuses Real-Time Bidding On Ad Networks

msm1267 writes Dark corners of the Internet harbor trouble. They're supposed to. But what about when Yahoo, CNN.com, TMZ and other busy destination sites heave disaster upon visitors? That's the challenge posed by malvertising, the latest hacker Golden Goose used in cybercrime operations and even in some targeted attacks. Hackers are thriving in this arena because they have found an unwittingly complicit partner in the sundry ad networks to move malicious ads through legitimate processes. Adding gasoline to the raging fire is the abuse of real-time ad bidding, a revolution in the way online ads are sold. RTB enables better ad targeting for advertisers and less unsold inventory for publishers. Hackers can also hitch a ride with RTB and target malicious ads on any site they wish, much the way a legitimate advertiser would use the same system.

Liability

[Ryanrule]

Make sites FULLY liable for problems caused by malware they serve up. Problem solved.

Re:Anonymous advertisers

[kurkosdr]

"Host your own ads" is something only big sites can implement obviously. An ad agency is reliable if all the advertisers are non-anonymous, and hence responsible for the content they push through the ad agency. And don't tell me "it's not possible", there is this thing called HTTPS. Instead, as of now, anyone with a computer and internet connection can be an "advertizer". No eponymity or responsibilities, yay! This was good enough for the first years of the internet. "Freedom", easy, cheap blah blah, now it's not good enough, because there is lots of money to be made for malvertizing, and ad agencies can't keep up with preventing and blacklisting anonymous mal-ads. Unreliable ad agencies that don't care about my security will simply get Ad Blocked and lose my ad impressions (I don't care). Mutual non-caring.