Malvertising Campaign Infected Thousands of Users Per Day For More Than a Year

An anonymous reader writes from a report via Softpedia: Since the summer of 2015, users that surfed 113 major, legitimate websites were subjected to one of the most advanced malvertising campaigns ever discovered, with signs that this might have actually been happening since 2013. Infecting a whopping 22 advertising platforms, the criminal gang behind this campaign used complicated traffic filtering systems to select users ripe for infection, usually with banking trojans. The campaign constantly pulled between 1 and 5 million users per day, infecting thousands, and netting the crooks millions each month. The malicious ads, according to this list, were shown on sites like The New York Times, Le Figaro, The Verge, PCMag, IBTimes, Ars Technica, Daily Mail, Telegraaf, La Gazetta dello Sport, CBS Sports, Top Gear, Urban Dictionary, Playboy, Answers.com, Sky.com, and more.

We knew this

Its why Ad-blocking has become a thing. So, yeah, we're gonna keep blocking ads to avoid this crap.

Stop using Flash. Don't even allow it on your website.
Bring advertising in-house. Its not 1997 anymore, there is no reason to rely on 3rd party platforms for advertising. Everyone knows the internet is a thing now and wants to advertise on it.
Stop looking at those who block ads as your enemies. These are the smart consumers you want to engage with. Unless your shoveling shit of course.

We warned you and warned you this was happening, but you were blinded by money and laziness. Now you're merely getting what was coming to you.

Re:We knew this

[TroII]

There is no evidence that suggests you're any safer with adblock

The very article you're commenting about is proof that you're safer with an ad blocker.

The answer to malvertising

[jrumney]

Make sites responsible for the ads they carry. The address networks (Google and whoever is left that they haven't bought yet) will then be forced by the customers with enough power to start taking responsibility, which will incentivise them to do more about the problem. As long as we allow companies to pass the buck, advertising will remain an opportunity for criminals to exploit.

Re:The answer to malvertising

[msauve]

"Make sites responsible for the ads they carry."

I disagree. If a website is open, so visitors can protect themselves by using ad blockers or other filters, they should not be held responsible for third party content. They should only be responsible for the content they provide directly.

But, if a website forces visitors to disable ad blockers (or filters of any sort) before using their site, they should then be held responsible for any malfeasance due to all content they provide, directly or indirectly.

Re:The answer to malvertising

[Anne+Thwacks]

Common carrier protects ISPs. It does not protect website operators. It most certainly does not protect people who serve third party ads containing malware. They are in the same boat as people who sell contaminated food supplied by third parties.

The consumer has right of redress against whoever supplies them.

Except in America, where the criminal has the rights to whatever he can get away with.

Re:The answer to malvertising

[Aighearach]

Exactly. Just like on television; if a channel broadcasts an ad with boobies, it is the channel that gets fined, not the advertiser. Who paid for me to see Janet Jackson's nipple shield? Her? No, CBS.

Thank you, Adblock!

[elrous0]

And, to think, several of those sites had the nerve to chastise me for using it.

Re: No problem

"Like, I manage ad networks"

And there it is. No one wants to see fucking ads you stupid mother fucker.

Comment removed

[account_deleted]

Comment removed based on user account deletion