Malvertising: An attack that could be easily avoided

As if online advertisements were not enough of a nuisance, a sinister variant is gaining traction.

Fraudulent and malicious advertising – known as malvertising – is among the sneakier threats discussed in the latest set of guidelines released Tuesday by the Online Trust Alliance (OTA), a nonprofit community formed to promote safe internet practices.

Malvertising is a lesser-known attack method that is quickly gaining momentum, and it is exactly what it sounds like: online advertising used to spread malware. Ne'er-do-wells are able to distribute the compromised ads to genuine websites by using fraudulent identities, web hosting accounts and email addresses to trick companies.

What happens next is pretty standard: An unsuspecting user clicks on the advertisement, unknowingly downloads a piece of malware, and consequently begins experiencing any number of problems that might be spurred by the malicious attachment.

“This is a real threat and a real challenge,” Craig Spiezle, OTA executive director and president, told on Wednesday. “If that ad gets served, even if it is taken down 24 to 48 hours later, hundreds of thousands have seen it.”

Since attackers use stolen or fraudulent credentials, “it's anonymous and scalable,” Spiezle said of the particularly effective form of attack.

With one piece of malvertising averaging out to a hundred thousand impressions, or views, Spiezle said it is safe to estimate that 10 billion malicious advertisements were seen in 2012, with 42 percent of them coming as drive-by executions without user interaction.

The OTA think-tank analyzed hundreds of malvertising cases and in the end determined that more than 60 percent of instances involving fraudulent ads would have been easily avoidable had the company exercised “operational discipline and a vetting process to make sure the advertiser was legitimate,” Spiezle said.

To mitigate risk, entities that allow advertising are encouraged by the OTA to take a little bit of time to question the situation – asking about ad-serving activities, timing and urgency, corporate and individual identity, and reputation – to get a feel for the promoter.

Other areas explored in the newly issued guidelines include addressing botnets – typically large networks of compromised computers used to carry out illicit tasks – through a coordinated effort involving prevention, detection, notification, remediation and recovery, as well as best practices for web hosting and cloud service providers.

What areas will OTA explore next?

“We need to think about how mobile devices are being compromised,” said Spiezle. “As a result of the surge in mobile usage as a platform, cyber criminals are following the people and the money.”
