Slashdot Mirror

← Back to Stories (view on slashdot.org)

Malvertising Campaign Infected Thousands of Users Per Day For More Than a Year (softpedia.com)

Posted by BeauHD on from the malicious-servers dept.

An anonymous reader writes from a report via Softpedia: Since the summer of 2015, users that surfed 113 major, legitimate websites were subjected to one of the most advanced malvertising campaigns ever discovered, with signs that this might have actually been happening since 2013. Infecting a whopping 22 advertising platforms, the criminal gang behind this campaign used complicated traffic filtering systems to select users ripe for infection, usually with banking trojans. The campaign constantly pulled between 1 and 5 million users per day, infecting thousands, and netting the crooks millions each month. The malicious ads, according to this list, were shown on sites like The New York Times, Le Figaro, The Verge, PCMag, IBTimes, Ars Technica, Daily Mail, Telegraaf, La Gazetta dello Sport, CBS Sports, Top Gear, Urban Dictionary, Playboy, Answers.com, Sky.com, and more.

3 of 135 comments (clear)

  1. No problem by Anonymous Coward · · Score: 1, Informative

    Only morons would browse the web without an adblocker anyway.

  2. Re: Yawn by Anonymous Coward · · Score: 4, Informative

    A lot more details are in the original write up: https://www.proofpoint.com/us/threat-insight/post/massive-adgholas-malvertising-campaigns-use-steganography-and-file-whitelisting-to-hide-in-plain-sight

  3. You can't advertise on "the Internet" by tepples · · Score: 3, Informative

    Bring advertising in-house. Its not 1997 anymore, there is no reason to rely on 3rd party platforms for advertising. Everyone knows the internet is a thing now

    How do advertisers know which particular sites are "a thing", especially smaller sites that are too big to be run as a pure hobby but not yet big enough to be household names?

    and wants to advertise on it.

    But without an intermediary, you can't advertise on "the internet". Instead, you would have to advertise on individual publishers' sites, which is much more time-consuming for both advertisers and publishers.*

    Say you have 30 publishers, each of which wants to find relevant advertisers, and 30 advertisers, each of which wants to find relevant publishers. If there is an intermediary, this means 60 contracts to review and sign. If there is no intermediary, there are 900. How does a change from O(n) with an intermediary to O(n^2) without one improve the market?

    And even then, how will an individual publisher be able to reassure its advertisers that view and click statistics are accurate and not inflated? All other things being equal, an intermediary such as Google is considered more trustworthy because it has more to lose should a claim of fraud end up substantiated.

    * In the advertising market, a "publisher" is the operator of a site that carriers ads.