Zero Day

Ryan Naraine and Dancho Danchev

Report: 3 million malvertising impressions served per day

By | March 8, 2011, 6:30am PST

Summary: According to data released by Dasient, the company observed a 100 percent increase in malvertising attacks from Q3 to Q4 2010, from 1.5 million malvertising impressions per day in Q3 2010 to 3 million malicious impressions in Q4.

Some highlights from the report:

  • The average lifetime of a malvertising campaign has dropped for the second consecutive quarter in a row — down to an average of 9.8 days, as compared to 11.1 in Q3, and 11.8 in Q2.
  • Malvertisers typically mount their attacks on weekends, during which IT departments are slower to respond, as we have seen in previous quarters, and continued to see in Q4 2010 as per the figure below.
  • Over the past year, we’ve estimated that over 4 million domains have been infected.
  • After three months of web browsing, the probability that an average Internet user will hit an infected page is approximately 95%.

Cybercriminals usually engage in malvertising attacks when they cannot obtain compromised access to high-value, heavily trafficked web sites. By relying on social engineering techniques to trick major ad networks into serving their malicious content, they get the multi-million-impression exposure they are after.

What matters is the higher click-through rate achieved when the ads appear on trusted, heavily trafficked web sites. In some cases, the click-through rate from even a short-lived campaign can outpace that of a well-coordinated blackhat SEO (search engine optimization) campaign.

According to Dasient, the attackers usually rely on remnant advertising, that is, advertising inventory which isn’t sold until the last minute, and typically work on weekends in order to increase the average time it takes an IT department to take down the malvertising campaign. Similar studies conducted by Google indicate that the most typical content served is fake security software, also known as scareware.

Users are advised to browse the Web in a sandboxed environment, using least-privilege accounts and NoScript for Firefox, and to ensure that their systems are free of client-side exploitable flaws.

See also: Research: 1.3 million malicious ads viewed daily


Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.


Talkback Most Recent of 3 Talkback(s)

  • I give up. What makes them "mal"?
    I mean, any more mal than the other ads.
    Professor8
    8th Mar
  • RE: Report: 3 million malvertising impressions served per day
    They take you to attack sites that install malware on your computer; that's why they are called malvertising.
    Facebook is full of them. I gave up reporting all the scam ads on Facebook and now just block all Facebook advertising.
    vaughanm
    8th Mar
  • RE: Report: 3 million malvertising impressions served per day
    It's now very rare for anyone using Win 7 and IE8/9 to ever be caught by simply clicking on a website. However, the problem is people giving executable programs free rein on their system even after moving through various warning dialogs.

    While most of us laugh at the fake virus scanning product ads and list of supposed viruses we have installed, less techie users simply read their computer is infected and they have to click here and download the program to fix it. If the malvertising is graphically similar to OS windows or security programs then they'll blithely run anything.

    Just took a root kit off an XP laptop running IE. The owner admitted to simply believing the pop-up ads, downloading the software and ignoring warnings and then running it.

    Against stupidity the gods themselves contend in vain ;)
    tonymcs@...
    8th Mar
