Stealthy malvertising attacks are proliferating online, not only infecting millions of users' systems but also tarnishing the reputations of trusted sites, according to a report from Bromium Inc.
The report, “Optimized Mal-Ops: Hack the ads network like a boss,” detailed specific examples of attackers leveraging ad networks to launch exploit kits and spread malware. While examining YouTube, which is serviced through Google's DoubleClick ad network, researchers found that the video service tends to serve up more trojans than exploits or newly created processes. From March to June, the percentage of pages infected with trojans on YouTube increased by about 15 percent, ultimately accounting for more than 50 percent of malicious pages on the site. Meanwhile, scripting exploits, exploits and new processes each accounted for less than 20 percent.
The study attributed the shift to Google's network detecting the attacks after they've already been installed on a victim's system. The attacks go undetected during the exploitation stage. Malware developers are probably paying attention to this and adjusting their attacks to take advantage of the ad network's difficulty in detecting the exploitation stage, the report said.
Rahul Kashyap, chief security architect and head of research, said the blame shouldn't be laid on end-users who click the malicious ads, as some professionals believe it should.
“There is a real operational problem with how you deal with this [kind of attack],” Kashyap said in a Thursday interview with SCMagazine.com. “There needs to be accountability and compliance that the ad industry adheres to…this is completely missing right now.”
Online publishers need to rise up and hold ad networks accountable, Kashyap said. “It's a $200 billion industry, but the security aspect is missing right now,” he said. Coordination among members of the industry and fundamental changes to how ad networks work are both essential for combating pervasive malvertising, he said.