Research: 1.3 million malicious ads viewed daily
Summary: New research released by Dasient indicates that based on their sample, 1.3 million malicious ads are viewed per day, with 59 percent of them representing drive-by downloads, followed by 41 percent of fake security software also known as scareware.
The attack vector, known as malvertising, has increasingly become a tactic of choice for numerous malicious attackers, due to the wide reach a campaign gains once they manage to trick a legitimate publisher into accepting it.
More findings from their research:
- The probability of a user getting infected from a malvertisement is twice as likely on a weekend and the average lifetime of a malvertisement is 7.3 days
- 97% of Fortune 500 web sites are at a high risk of getting infected with malware due to external partners (such as JavaScript widget providers, ad networks, and/or packaged software providers)
- Fortune 500 web sites carry such a high risk because 69% of them use external JavaScript to render portions of their sites and 64% of them are running outdated web applications
The research's findings are also backed up by another recently released report by Google's Security Team, stating that fake AV is accounting for 50 percent of all malware delivered via ads.
The increased probability of infection during the weekend can be attributed to a well-known tactic used by the individual or gang behind the campaign. Once the social engineering part has succeeded and the ad has been accepted, the attackers first serve a legitimate ad in an attempt to evade detection, wait for the weekend, expecting that no one will react to the attack even if it is reported, and only then reveal the campaign's true nature.
Case in point is the NYTimes malvertising campaign (Sept. 2009):
The creator of the malicious ads posed as Vonage, the Internet telephone company, and persuaded NYTimes.com to run ads that initially appeared as real ads for Vonage. At some point, possibly late Friday, the campaign switched to displaying the virus warnings. Because The Times thought the campaign came straight from Vonage, which has advertised on the site before, it allowed the advertiser to use an outside vendor that it had not vetted to actually deliver the ads, Ms. McNulty said. That allowed the switch to take place.
Why would a malicious attacker engage in malvertising attacks, rather than relying on hundreds of thousands of compromised sites?
Malvertising is not an exclusive practice carried out by a team of cybercriminals specializing in it. It is done alongside the rest of the malicious campaigns and activities the gang or individual is involved in.
From a cybercriminal's perspective, a highly trafficked web site naturally means greater click-through rates or, as we've seen in previous cases, actual pop-ups of the ubiquitous fake scanning progress screen. Moreover, when direct compromise of the host cannot take place, they attempt to locate and abuse the weakest link in the trust chain, in this case the third-party advertising network with access to the site. The problem then multiplies through the re-syndication of ad inventory from one publisher to another.
- Related posts: Fake Antivirus XP pops-up at Cleveland.com; Scareware pops-up at FoxNews; Gawker Media tricked into featuring malicious Suzuki ads; MSN Norway serving Flash exploits through malvertising
One of the main problems publishers face is that, in order to stay competitive in the marketplace, they place more emphasis on the efficiency of acquiring new customers than on the security practices that would prevent such an attack from taking place, and that clearly includes the use of commercial anti-malvertising solutions.
This efficiency-versus-security approach can best be seen in a major malvertising campaign profiled in February 2010, where the malicious attackers targeted as many efficiency-centered publishers as possible, successfully infiltrating known services such as DoubleClick and Yieldmanager.
In an attempt to trick the average end user who might otherwise get suspicious and realize that the scareware pop-up appeared through a malicious ad, the attackers included a "visual social engineering" element, naming their subdomains after the trusted Google Analytics brand.
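The brand-in-subdomain trick described above is something a publisher's ad-review process can flag automatically: extract the hostname from each URL an ad creative loads, find its registrable domain, and check whether a trusted brand name appears only in the subdomain labels while the registrable domain belongs to someone else. The following Python is an added example written for this page, not code from the article or from Dasient; the list of borrowed brand names and their legitimate owner domains, the minimal public-suffix handling, and the sample creative URLs are all constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumed mapping of brand names that an attacker might borrow for a
# subdomain to the registrable domains that may legitimately carry them.
# The article names only Google Analytics; the other entries are
# constructed for this example. Keys are written without hyphens so that
# "google-analytics", "googleanalytics" and "google_analytics" all match.
TRUSTED_BRANDS = {
    "googleanalytics": {"google-analytics.com", "google.com"},
    "vonage": {"vonage.com"},
    "doubleclick": {"doubleclick.net"},
}

# Minimal public-suffix handling, enough for this example. A real
# deployment would consult the Public Suffix List instead.
TWO_LEVEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}

# Constructed sample of URLs loaded by ad creatives under review.
SAMPLE_AD_URLS = [
    "https://ssl.google-analytics.com/ga.js",
    "http://google-analytics.ad-stats-example.net/scan.html",
    "http://www.vonage.com/promo",
    "http://vonage-offer.cheap-ads-example.org/landing",
    "http://ads.example-publisher.co.uk/creative/123",
]


def registrable_domain(host: str) -> str:
    """Return the registrable (eTLD+1) part of a hostname, lowercased."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return host.lower()
    if ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES and len(labels) >= 3:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def brand_spoof_findings(url: str) -> list:
    """Return the trusted brand names that appear in the subdomain part of
    the URL's hostname while the registrable domain is not owned by that
    brand. An empty list means nothing suspicious was found."""
    host = (urlsplit(url).hostname or "").lower()
    reg = registrable_domain(host)
    # Everything left of the registrable domain, e.g. "ssl" or "google-analytics".
    sub = host[: -len(reg)].rstrip(".") if host.endswith(reg) else ""
    normalized = sub.replace("-", "").replace("_", "")
    findings = []
    for brand, owners in TRUSTED_BRANDS.items():
        if brand in normalized and reg not in owners:
            findings.append(brand)
    return findings


def scan_ad_urls(urls) -> dict:
    """Map each flagged URL to the brand names it borrows; clean URLs are omitted."""
    report = {}
    for url in urls:
        hits = brand_spoof_findings(url)
        if hits:
            report[url] = hits
    return report


if __name__ == "__main__":
    for url, brands in scan_ad_urls(SAMPLE_AD_URLS).items():
        print(f"FLAG {url}: borrows {', '.join(brands)} outside the brand's own domain")
```

The check deliberately looks only at subdomain labels: a hostname whose registrable domain really is google-analytics.com passes, while one that merely places the brand name in front of an unrelated registrable domain is reported for manual review before the creative goes live.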
In terms of protection from an end user's perspective, Windows users browsing the Web in a sandboxed environment, using least privilege accounts, NoScript for Firefox, and ensuring that they are free of client-side exploitable flaws, will mitigate a huge percentage of the risk.
Have you been a victim of malvertising? When and where was the last time you were exposed to a bogus scareware "You're infected" pop up? Who should be held responsible, the publisher for accepting the ads and the lack of automatic malicious content scanning mechanisms, the site that featured it, or the end user for his lack of situational awareness on what malvertising and scareware is in general?
Talkback, and share your opinion.
Talkback
Almost too easy
Bad advice
Linux or MacOS for that matter don't have the share to be attacked in this manner.
Second, having a person or persons jump ship, carrying over their bad habits, only for the malware authors to follow will only mitigate the problem for a short bit, then Mac and Linux would see the same things happening there as well.
Despite what the "advocates" say, each OS has their share of vulnerabilities, and with each new revision, more will pop up. Despite the arrogance of most Mac users, and the "many eyes" theory of Linux users, I can guarantee there remain unseen and unpatched vulnerabilities in those camps.
The same, flawed argument from market share, again, eh?
Also, you do know that if Linux became more popular, the number of people defending its code base would increase, right? There would be far more white hats out there looking through it, finding vulnerabilities and fixing them before the bad guys. Same with OSX probably, but to a lesser extent, since it's closed source and thus only employees can work on it.
RE: Research: 1.3 million malicious ads viewed daily
The large windows botnets are larger than Linux's entire installed base.
Sure, market share means nothing, you just keep telling yourself that.
RE: Research: 1.3 million malicious ads viewed daily
@rtk completely ignoring my argument and attacking a straw man instead, eh?
The vast majority of malicious hackers out there will never get anywhere close to infecting even a million hosts, so whether they go after Linux or Windows doesn't depend on market share, since both have over a million. Windows is just easier to hack; there's no excuse for it. And if Linux did have more market share and Windows less, guess what? More people fixing stuff on Linux, fewer people fixing Windows. It works that way, at least.
RE: Research: 1.3 million malicious ads viewed daily
Firefox
Does what it says perfectly from my experience with it.
One of the reasons
I switched back to Firefox full time.
An even better, and easier way; ditch Windows.
RE: Research: 1.3 million malicious ads viewed daily
Despite that, Apache is hacked apart daily.
I didn't say they were. And one compromise in that segment a day would be..
Also, why do you keep telling people random off-topic things for no reason whatsoever? I never said servers were desktops, I said when two things both have more market share than you can handle, it's a matter of which is less secure, not which is more popular.
Now if there were, say, only 10 Linux-based PCs, it might not be profitable to make a virus for it. But once you get into the millions, all that really matters is if you can do it or not.
RE: Research: 1.3 million malicious ads viewed daily
rtk, are you really this dense or just playing dumb to annoy me?
Responsibility for malware ads
I used to see ads that told me my computer was slow and may have malware; those I can ignore. Last summer I got hit a few times with a drive by scareware that replaced my desktop with a huge warning and would not let me get on the internet. I was able to fix the problem by rolling back a few days before the infection.
The clumsy malware is being replaced by a stealthier form that does not seem to impact the user's computer. It works more in the malware author's interest to be able to infect many computers without showing any symptoms of infection.
Jumping to another OS without understanding that a lot of malware is installed by people who click "yes" on popups and links. Fixing the OS is not fixing the vulnerabilities that are at the heart of the internet. A lot of malware attacks can be prevented if the internet was designed to be less trusting and spoofing is better controlled.
RE: Research: 1.3 million malicious ads viewed daily
Lesson 1: Run Windows 7 and ...
Lesson 2: Install and maintain your own AV software, and DO NOT BELIEVE any warnings which are not generated by your AV software.
Last week...
Sounds easy, but we had several false starts, so it took a full day to disinfect.
If you catch one of those guys, can I have him? I'd like to spend a few days removing body parts.
Re: If you catch one of those guys, can I have him? I'd like to spend a few days removing body parts.
Well you will have to join the queue.
If there is anything left when your turn comes, can you please leave his brand new cement shoes on till last?
Other than that you are welcome, IF I catch IT.
Sure, you can have him.
Let the witch hunts begin!