Daswani said that, overall, his company saw a 100% increase in the amount of malicious advertising from the third- to fourth quarters, 2010. However, much of that was due to an expansion of the sites Dasient monitored, with an increasing focus on so-called 'remnant' ad networks, which aggregate 'remnant' advertisements from direct marketers, who often have little oversight about where the ads appear.
Though most remnant ad networks are legitimate businesses, many are also susceptible to manipulation. Malicious hackers have found a variety of ways to insert malicious content into their legitimate ad streams: either compromising the ad network's ad server and replacing a legitimate ad with a malicious one, or by submitting a legitimate ad image, then replacing it with a malicious image after a set period of time, Daswani said.
Those images can find their way even to high value sites, because top tier online ad networks often syndicate ads from other publishers to fill in gaps in their own service, Daswani said. In recent weeks, well-ranked sites such as Autotrader.co.uk, cinema site Myvue.com and londonstockexchange.com were reported to have served up malicious advertisements. Malicious ads are commonly used to display pop up messages with links that will take users to a drive by download Web site download rogue anti virus programs or other threats.
Malicious ads are, by no means, limited to remnant ad networks. In January, major ad networks DoubleClick and MSN were duped into serving malicious ads from attackers who registered a malicious site that masqueraded as AdShuffle.com, an online advertising technology firm.
[ThreatPost]
No comments:
Post a Comment