Inside the Booming, Unhinged, and Dangerous Malvertising Menace

mask.of.sanity writes: The Register has a feature on the online malicious advertising (malvertising) menace that has become an explosively potent threat to end-user security on the internet. Experts say advertising networks and exchanges need to vet their customers, and publishers need to vet the third party content they display. Users should also consider script and ad blockers in the interim. From the article: "Ads as an attack vector was identified in 2007 when security responders began receiving reports of malware hitting user machines as victims viewed online advertisements. By year's end William Salusky of the SANS Internet Storms Centre had concocted a name for the attacks. Since then malvertising has exploded. This year it increased by more than 260 percent on the previous year, with some 450,000 malicious ads reported in the first six months alone, according to numbers by RiskIQ. Last year, security firm Cyphort found a 300 percent increase in malvertising. In 2013, the Online Trust Alliance logged a more than 200 percent increase in malvertising incidents compared to 2012, serving some 12.4 billion malvertisement impressions."

Re:Advertisers, worry about security? Get real

[gweihir]

Very much so. Advertising is a plague and deserves to be eradicated. And don't tell me "it finances content", because so can crime, and apparently the distinction is not entirely clear anymore. There are other ways to finance content, and if you do not qualify, maybe your content was not valuable in the first place.

Re:I work in online advertising

[RogueyWon]

The "mom and pop" sites point rings amusingly true for me.

Around a year ago, my dad went through a wave of really nasty malware infections. The ones that block your AV software, redirect your DNS and generally embed themselves right across the OS.

Now, my dad has historically been a bit of a malware-magnet. He falls into the category of "knows just about enough to think he knows everything", which used to lead him into some really poor security practices. But after a really nasty infection in 2012 which resulted in him losing quite a significant chunk of personal data, I thought he'd finally learned his lesson. He was keeping on top of Windows Update, keeping an updated AVG install, running weekly Malwarebytes scans and had finally, finally, stopped opening dodgy e-mail attachments from his perpetually-malware-infested dickhead golf-buddy friends.

I'd also put him on an adblocker. I wasn't using one myself at the time (though I am now), but I was sick of making the 4-hour-each-way journey to his place to fix his machine, so I'd held nothing back.

So a wave of four or five infections in the space of a month came as a bit of a shock. What was surprising was that he was getting re-infected very quickly after each disinfection (including one which involved a full format-reinstall of Windows).

Eventually, after going through his browser history after two consecutive infections (and half-expecting to find a megaton of pr0n), I track down the source.

And it's not pr0n, it's his bloody family history club website. Some online forum he participates in for people who are trying to trace their ancestry in a particular area. It has under 50 regular participants. It also has a prominent notice about how much the site depends on advertising income to stay in operation and asking users to disable or make an exception in their adblocker (with instructions on how to do so).

My dad has, of course, been making an exception for this site, which is then pushing a remarkably concentrated and toxic cocktail of malware-infested ads almost every time it is accessed. We actually ended up on the phone to the guy who ran the site, begging him to switch to another advertising provider. He wasn't exactly enthusiastic, so the adblocker remained in place. Don't know where things have got to since then.