Slashdot Mirror

← Back to Stories (view on slashdot.org)

Crooks Created 28 Fake Ad Agencies To Disguise Massive Malvertising Campaign (bleepingcomputer.com)

Posted by BeauHD on from the under-the-radar dept.

An anonymous reader quotes a report from Bleeping Computer: A group of cyber-criminals created 28 fake ad agencies and bought over 1 billion ad views in 2017, which they used to deliver malicious ads that redirected unsuspecting users to tech support scams or sneaky pages peddling malware-laden software updates or software installers. The entire operation -- codenamed Zirconium -- appears to have started in February 2017, when the group started creating the fake ad agencies which later bought ad views from larger ad platforms. These fake ad agencies each had individual websites and even LinkedIn profiles for their fake CEOs. Their sole purpose was to interface with larger advertising platforms, appearing as legitimate businesses. Ad security company Confiant, the one who discovered this entire operation, says ads bought by this group reached 62% of ad-monetized websites on a weekly basis. All in all, Confiant believes that about 2.5 million users who've encountered Zirconium's malicious ads were redirected to a malicious site, with 95% of the victims being based in the U.S.

36 comments

  1. Not surprised. by YukariHirai · · Score: 5, Insightful

    This is why I use an adblocker, and am not moved by any given website's pleas for me to deactivate it for their site.

    1. Re:Not surprised. by Anonymous Coward · · Score: 1

      100% these sites are to lazy to get their own advertising and audit the adverts properly....

    2. Re:Not surprised. by dwywit · · Score: 1

      Yep. It's noscript for me - and I won't turn it off or whitelist your website/s until the adverstising industry implements some security to validate what it's sending to pester me.

      Perhaps a, oh what would you call it? A "certificate"?

      --
      They sentenced me to twenty years of boredom
    3. Re:Not surprised. by alvinrod · · Score: 5, Insightful

      I wouldn't mind internet ads if they weren't so damned obnoxious. If it were just a plain .gif or something similar like a small image and a blurb of text, I probably wouldn't care about them at all or even bother blocking them. I'm not going to click on them or give them any thought, but I'll tolerate their presence as a way for a website to make some money.

      However, its the auto-play audio or video and the hideously massive blob of javascript that can bring multiple cores to a grinding halt for prolonged moments. It's the massive banner ads and side bars the obscure the content that a I care about and their seeming ability to break my experience with random focus requests and an insistence of tracking my across every site that I visit while eating just as much or more data and bandwidth as the content I'm there to see. Its the malicious ads running little programs to use my CPU cycles to mine for cryptocurrencies or that even try to infect my machine in other ways. Fuck all of that and everything else about them as well.

      Build a system that makes it impossible for ads to be annoying in the ways above, or I'm not turning off the adblocker either.

    4. Re:Not surprised. by Anonymous Coward · · Score: 0

      Yep. It's noscript for me - and I won't turn it off or whitelist your website/s until the adverstising industry implements some security to validate what it's sending to pester me.

      Perhaps a, oh what would you call it? A "certificate"?

      We have a "certificate" system that is supposed to identify websites and it is completely corrupt, broken and useless. Trying to do the same for advertising would be no different.

      There is only one answer: block 100% of all ads and don't patronize any website that complains about adblocking until websites clean up their act and stop pushing shit on us.

    5. Re:Not surprised. by Anonymous Coward · · Score: 0

      This is why I use an adblocker

      This is how I justify using an ad blocker, but I would use one anyway.

    6. Re:Not surprised. by Anonymous Coward · · Score: 3, Insightful

      The Internet advertising industry has exhibited, over the last two decades, a consistent pattern of complete, active and malevolent indifference to the well-being of yourself, your computing equipment and your data. "Malvertising" is a term because of their laxity. Their representatives equate using ad blocking software with racism combined with a direct attack on freedom of speech, and other editorials equate it to actively causing children to starve and stealing. Otherwise useful parts of JavaScript have had to be essentially obliterated because ads abuse them so very, very badly. They populate your screen with deceptive content, such as "diagnostic windows" and fake Download buttons in an attempt to entice you into downloading their shit.

      Link to more information on how your ad blocker is racist censorship (according to ad firms)

      A link to why they think you're a thief that steals food from children with ad blockers

      Google's ad service being used for cryptocurrency mining on web browsers

      It's too late for the Internet advertising industry. When trying to block out their crap has become an act of necessary self-defense, when they steal your processor cycles for their own gain for cryptocurrency, when they allow malware onto your machine, they've become an active hostile force. They are attacking you and consider you scum for defending yourself. Unfortunately there are just too many of the bad guys and not enough of the good guys here, and as such a potentially harmless way of keeping websites afloat is essentially doomed in its current form (although something like, say, the Brave browser's model might work).

    7. Re:Not surprised. by KozmoStevnNaut · · Score: 1

      I just hate advertising in general, offline or online.

      So for me it's Firefox with uBlock Origin (dynamic mode with 3rd-party resources on default-deny), Privacy Badger, DDG Privacy Essentials, Decentraleyes, Cookie Autodelete, Canvasblocker, First Party Isolation, Smart Referer and Link Cleaner.

      --
      Eat the rich.
  2. Another reason by AHuxley · · Score: 2

    to always use FF, ad blockers and noscript.

    --
    Domestic spying is now "Benign Information Gathering"
  3. You sure that wasn't just the DNC and RNC? by xxxJonBoyxxx · · Score: 1

    >> created 28 fake ad agencies and bought over 1 billion ad views

    Sounds like SOP in national political campaigning.

  4. A fake ad agency? That placed ads? by No+Longer+an+AC · · Score: 5, Interesting

    It seems to me the ad agency was very real and they were doing what ad agencies do. I worked for an ad agency briefly. It was a fascinating experience but those people are experts at twisted thinking. Serving you malware is just a part of these very real ad agencies business plan.

    Ad agencies are supposed to influence you - or at least convince businesses that if they pay you they can influence your customers.

    “The consumer isn't a moron. She is your wife.”
      David Ogilvy, Confessions of an Advertising Man

    That sounds terribly sexist, but I'm pretty sure Mad Men don't give a shit. They just have to imprint their brand in your head. And then beat the consumer with it so it becomes unthinkable that they might even consider a different brand.

    Coca Cola - it's simply the Rolls Royce of fizzy drinks! Wait, what? Shut up and buy it.

  5. And they wonder why by quonset · · Score: 1

    Why would anyone use an adblocker? Ads are innocuous. They are needed to deliver content.

    And malware.

    Why would anyone use an adblocker?

  6. Morale: Stay away from ads... by gweihir · · Score: 3, Insightful

    At this time, an ad-blocker must be considered a mandatory security precaution.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  7. Content targetted advertising... by Anonymous Coward · · Score: 0

    readthedocs.io gets it... even if their advertisers don't.

    A small image. Some text. One or more links. Sits on the same storage and infrastructure as the website.

  8. Spread the word by duke_cheetah2003 · · Score: 2

    Tell everyone you know to use an adblocker. Show them how if necessary, train your fellows how to not click on ads and be aware of the status bar when hovering over links.

    Tell people to pay attention to address bar, be aware of where you are, and navigate away from questionable sites. Pay attention to security warnings if they happen, teach people to not be afraid to ask someone smarter to help if a security warning comes up.

    The majority of people browsing the net just aren't properly trained on how to avoid the pitfalls and evil lurking at every other link. Just help out, pass on your knowledge to as many as possible.

    1. Re:Spread the word by mentil · · Score: 1

      I installed adblockers on my parents' computers. They've never complained about websites not working, or about all the ads they're missing.

      --
      Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
    2. Re:Spread the word by AHuxley · · Score: 1

      Yes no matter how much a site layers over the demands and requests to whitelist them, never turn off the no script and ad blockers.

      --
      Domestic spying is now "Benign Information Gathering"
  9. Related to fake Firefox updates via Yahoo? by mnemotronic · · Score: 1

    I wonder if these aholes were responsible for the fake mozilla "Update Firefox" popups I would routinely get while on Yahoo email. The popup said to update Firefox by downloading and running a "firefox-patch.js". I started running firefox with the dev tools window open so that I could see the network traffic and track them down. The redirects were too convoluted for me to follow with my limited knowledge. Recent versions of firefox seem to have eliminated this problem.


    #include useless_AC_flames

    --
    The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.
  10. All advertising is malvertising. By definition. by Anonymous Coward · · Score: 1

    So apparently, they created things that we get to se, in order to make us lose money, without any us having any gain from it.

    How's that any different than all advertising ever, by its very definition?

    If it wasn't to rip us off, then a record of all its properties, with SI units and standardized testing methods, would automatically put it at the top of a price/performance comparison site.
    No, nothing of that kind is usually even mentioned in advertisement. It's just manipulative emotion triggering. Like mobile phone ads that consist of nothing but the phone, shown from the side, to highlight its thinness, and maybe the name below or above. Even though that is utterly irrelevant as long as it fits your pocket. Which the fucking thing doesn't even, due to the size of its other dimensions!

    Advertisement is a crime. Attempted fraud. No exception.

  11. a what agency? by Anonymous Coward · · Score: 0

    what is a "fake ad agency" as opposed to a "real ad agency"? that pretty much is the same thing, if you think about it.

    1. Re:a what agency? by Anonymous Coward · · Score: 0

      I think they mean a real ad agency places ads for clients (obviously "advertising"), while these fake ad agencies bought ads to hijack traffic to distribute malware (evidently not "advertising").

  12. Caution, Ad Industry by Somebody+Is+Using+My · · Score: 3, Insightful

    This is the sort of thing that attracts government attention. For years - over a decade! - people have been decrying advertisements as a vector for malware, and the industry has completely ignored it, offering any advert from its partners without checking its content. And just as predicted, we've had a stream of advertisements offering up malware, stealing people's information and infecting their computers. And still the industry has done nothing. Now you actually have criminal enterprises creating their own ad agencies to speed up the process.

    At some point - and I don't think that time is too far away - some government is going to step up and say, "enough is enough" and start regulating you. And it most likely will be done in the most ham-handed way possible, that will be good for neither your industry, your partners or the people viewing the ads. So clean up your fucking act before it gets to that point. Or shut the fuck up when government does finally clamp down, because you've had years and years and years of warning and opportunity to fix things and haven't done a god damned thing!

    1. Re:Caution, Ad Industry by Anonymous Coward · · Score: 0

      thanks for the info

  13. once again... by sootman · · Score: 1

    I drink milk because I like the taste. As a side benefit, it's rather healthy.

    I block ads because they're annoying.* As a side benefit, I'm protecting myself from shit like this.

    * Same reason that I used to get up and go to the bathroom or get a drink while ads played on TV before the WWW existed. Same reason I fast-forwarded over them when watching taped shows when VCRs were new. "Ad blocking" is nothing new. Marketers and publishers who get all pissy about it can go fuck themselves. I would like to find one marketing or publishing exec who watches DVR'ed shows with his family and FORBIDS anyone from leaving the room during ads or fast-forwarding over them, even when you're seeing the same Tide spot for the fiftieth fucking time.

    --
    Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
  14. The narrative changes: "fake ads" might work. by Anonymous Coward · · Score: 0

    The narrative changes: "fake ads" might work.

    They're faking revenue, even worse than faking reality!

  15. Re:A fake ad agency? That placed ads? by Anonymous Coward · · Score: 0

    Ad agencies are supposed to influence you - or at least convince businesses that if they pay you they can influence your customers.

    That's the correct statement. Ad agencies exist to convince companies to buy ads. They don't care about customers except that they have to convince companies that they can reach customers.

  16. Adblockers by hduff · · Score: 1

    Why you should use them.

    --
    "I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
  17. Truth Being Sexist? by Anonymous Coward · · Score: 0

    Oh my der, cultural Marxists have done lÃst of damage to your Whitey Brain.

  18. Re: In Other News by Anonymous Coward · · Score: 0

    I think it was the war industry. The MSM's most noble function is to whip the sheeple into supporting of new wars.

  19. Meh by Anonymous Coward · · Score: 0

    I doubt your adressees understand the problem, yet. All they understand is their propaganda methods and how to rake in dollars tomorrow. Fuck the day after tomorrow.

  20. Sigh by fireylord · · Score: 1

    I suppose the ad agencies will never get it, and nor will websites that show their product. Either you're 100% liable for the damage wrought from malware spread from your servers (and then you might give a damn about making sure the ads are properly vetted), or sensible people will block the garbage your adserver outputs.

  21. When will browser become sane again? by Anonymous Coward · · Score: 0

    The default should be that browsers ONLY open Javascript from the domain they're visiting. Leave it to developers to turn on more than that for themselves. As for the rest, the advertisers and the trackers? I understand that Ads are what makes the web free in so many other places, so I'm actually ok with being shown ads. It's the JS's that DON'T show themselves that bother me so much more. And all those little 1x1 web bugs. Those are the corporate creeps of the 21st centure

  22. Easy to stop it via hosts files... apk by Anonymous Coward · · Score: 0

    0.0.0.0 sionicmedia.com
    0.0.0.0 clickopon.com
    0.0.0.0 alliance4media.com
    0.0.0.0 plainmedia.com
    0.0.0.0 chacomedia.com
    0.0.0.0 indiaonclick.com
    0.0.0.0 beginads.com
    0.0.0.0 tradersbrokers.com
    0.0.0.0 powertradeprofit.com
    0.0.0.0 axiatraders.com
    0.0.0.0 mediaparade.net
    0.0.0.0 hoffmanbroker.com
    0.0.0.0 buzzclicks.com
    0.0.0.0 face2trade.com
    0.0.0.0 mediabarterexchange.com
    0.0.0.0 k5market.com
    0.0.0.0 deshmedia.com
    0.0.0.0 elixmedia.com
    0.0.0.0 kobenetwork.com
    0.0.0.0 adtekmedia.com
    0.0.0.0 ministryofads.com
    0.0.0.0 bigsharkmedia.com
    0.0.0.0 grandonmedia.com
    0.0.0.0 adsflame.com
    0.0.0.0 roboinside.com
    0.0.0.0 mediadirectx.com
    0.0.0.0 enatimedia.com
    0.0.0.0 ads2live.com

    Via APK Hosts File Engine 10++ SR-1 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/

    APK

    P.S. - * SOURCE https://www.bleepingcomputer.c...