Slashdot Mirror

← Back to Stories (view on slashdot.org)

Crooks Created 28 Fake Ad Agencies To Disguise Massive Malvertising Campaign (bleepingcomputer.com)

Posted by BeauHD on from the under-the-radar dept.

An anonymous reader quotes a report from Bleeping Computer: A group of cyber-criminals created 28 fake ad agencies and bought over 1 billion ad views in 2017, which they used to deliver malicious ads that redirected unsuspecting users to tech support scams or sneaky pages peddling malware-laden software updates or software installers. The entire operation -- codenamed Zirconium -- appears to have started in February 2017, when the group started creating the fake ad agencies which later bought ad views from larger ad platforms. These fake ad agencies each had individual websites and even LinkedIn profiles for their fake CEOs. Their sole purpose was to interface with larger advertising platforms, appearing as legitimate businesses. Ad security company Confiant, the one who discovered this entire operation, says ads bought by this group reached 62% of ad-monetized websites on a weekly basis. All in all, Confiant believes that about 2.5 million users who've encountered Zirconium's malicious ads were redirected to a malicious site, with 95% of the victims being based in the U.S.

5 of 36 comments (clear)

  1. Not surprised. by YukariHirai · · Score: 5, Insightful

    This is why I use an adblocker, and am not moved by any given website's pleas for me to deactivate it for their site.

    1. Re:Not surprised. by alvinrod · · Score: 5, Insightful

      I wouldn't mind internet ads if they weren't so damned obnoxious. If it were just a plain .gif or something similar like a small image and a blurb of text, I probably wouldn't care about them at all or even bother blocking them. I'm not going to click on them or give them any thought, but I'll tolerate their presence as a way for a website to make some money.

      However, its the auto-play audio or video and the hideously massive blob of javascript that can bring multiple cores to a grinding halt for prolonged moments. It's the massive banner ads and side bars the obscure the content that a I care about and their seeming ability to break my experience with random focus requests and an insistence of tracking my across every site that I visit while eating just as much or more data and bandwidth as the content I'm there to see. Its the malicious ads running little programs to use my CPU cycles to mine for cryptocurrencies or that even try to infect my machine in other ways. Fuck all of that and everything else about them as well.

      Build a system that makes it impossible for ads to be annoying in the ways above, or I'm not turning off the adblocker either.

    2. Re:Not surprised. by Anonymous Coward · · Score: 3, Insightful

      The Internet advertising industry has exhibited, over the last two decades, a consistent pattern of complete, active and malevolent indifference to the well-being of yourself, your computing equipment and your data. "Malvertising" is a term because of their laxity. Their representatives equate using ad blocking software with racism combined with a direct attack on freedom of speech, and other editorials equate it to actively causing children to starve and stealing. Otherwise useful parts of JavaScript have had to be essentially obliterated because ads abuse them so very, very badly. They populate your screen with deceptive content, such as "diagnostic windows" and fake Download buttons in an attempt to entice you into downloading their shit.

      Link to more information on how your ad blocker is racist censorship (according to ad firms)

      A link to why they think you're a thief that steals food from children with ad blockers

      Google's ad service being used for cryptocurrency mining on web browsers

      It's too late for the Internet advertising industry. When trying to block out their crap has become an act of necessary self-defense, when they steal your processor cycles for their own gain for cryptocurrency, when they allow malware onto your machine, they've become an active hostile force. They are attacking you and consider you scum for defending yourself. Unfortunately there are just too many of the bad guys and not enough of the good guys here, and as such a potentially harmless way of keeping websites afloat is essentially doomed in its current form (although something like, say, the Brave browser's model might work).

  2. Morale: Stay away from ads... by gweihir · · Score: 3, Insightful

    At this time, an ad-blocker must be considered a mandatory security precaution.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  3. Caution, Ad Industry by Somebody+Is+Using+My · · Score: 3, Insightful

    This is the sort of thing that attracts government attention. For years - over a decade! - people have been decrying advertisements as a vector for malware, and the industry has completely ignored it, offering any advert from its partners without checking its content. And just as predicted, we've had a stream of advertisements offering up malware, stealing people's information and infecting their computers. And still the industry has done nothing. Now you actually have criminal enterprises creating their own ad agencies to speed up the process.

    At some point - and I don't think that time is too far away - some government is going to step up and say, "enough is enough" and start regulating you. And it most likely will be done in the most ham-handed way possible, that will be good for neither your industry, your partners or the people viewing the ads. So clean up your fucking act before it gets to that point. Or shut the fuck up when government does finally clamp down, because you've had years and years and years of warning and opportunity to fix things and haven't done a god damned thing!