The Malvertising Scourge

February 4, 2015

In their zeal to monetize their online content, publications increasingly have turned to online ad-serving agencies that aggregate ads from a multitude of advertisers and distribute them to those online publications through code that the publication’s web pages load from the ad network’s servers.

This provides advantages for both publishers and advertisers — publishers can more easily manage who they sell to and advertisers can more easily manage who they buy from through these ad networks, as opposed to weeding through all of the potential publishers and advertisers themselves.

Unfortunately, in their desire to get their ads noticed by online readers, advertisers, publishers and ad agencies resort to intrusive ads that pop up over the content and jump, hop, wiggle and fly across the screen.

Those ads invariably involve Adobe Flash for the animations, and as we all should know by now, Flash has inherent security flaws as evidenced by the three — count ’em, 3 — zero-day vulnerabilities Adobe had to patch in the past two weeks.

This provides a convenient path for hackers to distribute their malware. The problem is serious enough that it even has its own category of infections — “malvertising”.

Hackers love malvertising because it allows them to infect the millions of visitors to popular web sites without breaking into all of those web sites, and the infections often occur automatically without any action on the part of the visitor.

In September 2014, the ad network Doubleclick (a subsidiary of Google) and Zedo, another popular online ad agency, served up the Zemot malware to millions of unsuspecting computer users.

Earlier that month, malvertising hit visitors to 74 different domains, including Amazon, YouTube and Yahoo. It attempted to infect Windows PCs and Macs with spyware, adware and browser hijackers. In the past, malvertising on third-party ad networks has hit the New York Times, Fox News, the London Stock Exchange, Spotify and The Onion, to name just a few.

Anecdotally, when we clean up infected computers, users invariably tell us the infection occurred while on a news or other ad-laden web site.

That’s bad for business for publishers, as it appears that the publishers’ web sites themselves are infected, when in reality the infections come from a third-party ad server.

The problem can be alleviated by running an ad blocker, like the ad blocker in Sophos Cloud that’s included in our FlexIT End-User Protection program.
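To make the mechanism concrete, here is a small added example (not code from this post, and not Sophos Cloud’s ad blocker) of what an ad blocker does at the page level: it walks the scripts and frames a page loads, separates first-party resources from third-party ones, and refuses to load anything whose host falls under a blocklisted ad-network domain. The page, the publisher host `publisher.test` and the blocklist entry `example-adnetwork.test` are constructed placeholders, not real sites or rules.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed blocklist: domain-suffix rules, the way most ad-blocker
# filter lists express "block this ad network and all of its subdomains".
# The hostname is a placeholder, not a real ad network.
AD_BLOCKLIST = {"example-adnetwork.test"}

# Constructed sample page: a publisher's own scripts plus the kind of
# third-party ad-network script and iframe this post describes.
SAMPLE_PAGE = """
<html><body>
<script src="/js/site.js"></script>
<script src="https://static.publisher.test/lib.js"></script>
<script src="//ads.example-adnetwork.test/serve.js"></script>
<iframe src="https://sync.example-adnetwork.test/frame.html"></iframe>
<script src="https://notexample-adnetwork.test/x.js"></script>
</body></html>
"""


class ScriptCollector(HTMLParser):
    """Collects the src attribute of every <script> and <iframe> tag."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe"):
            for name, value in attrs:
                if name == "src" and value:
                    self.sources.append(value)


def host_matches(host, rule):
    """True if host is the rule domain itself or a subdomain of it.

    The leading dot matters: 'notexample.test' must not match 'example.test'.
    """
    host = host.lower().rstrip(".")
    rule = rule.lower()
    return host == rule or host.endswith("." + rule)


def resource_host(src, page_host):
    """Hostname a resource URL will be fetched from; relative URLs are first-party."""
    netloc = urlparse(src).netloc          # handles https://, http:// and //host/ forms
    host = netloc.rsplit("@", 1)[-1].split(":")[0]  # drop userinfo and port
    return host or page_host


def classify_sources(html, page_host, blocklist):
    """Sort a page's script/iframe sources into first-party, third-party and blocked."""
    parser = ScriptCollector()
    parser.feed(html)
    report = {"first_party": [], "third_party": [], "blocked": []}
    for src in parser.sources:
        host = resource_host(src, page_host)
        if any(host_matches(host, rule) for rule in blocklist):
            report["blocked"].append(src)       # an ad blocker would never fetch this
        elif host_matches(host, page_host):
            report["first_party"].append(src)
        else:
            report["third_party"].append(src)   # allowed, but still code from elsewhere
    return report


if __name__ == "__main__":
    for bucket, srcs in classify_sources(SAMPLE_PAGE, "publisher.test", AD_BLOCKLIST).items():
        print(bucket, srcs)
```

The third-party bucket is the point of the post: every entry in it is code the publisher did not write but that runs in its pages with the publisher’s name on the address bar, which is why a malicious creative served by an ad network looks to the visitor like an infection from the publisher’s site.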

Ironically, it might also improve your experience on sites that need you to keep coming back to justify their offerings to advertisers.
