Malvertising continues to pound legitimate websites

In the last three months of 2010 attackers managed to serve 3 million malicious advertising, or malvertising, impressions every day

In the last three months of 2010 attackers managed to serve 3 million malicious advertising, or malvertising, impressions every day. That's the headline figure from a report released today from Web security firm Dasient. According to Dasient, that's a 100 percent increase from the preceding quarter.

Part of the increase may be attributed to Dasient increasing the types of ad networks it tracks. In this report, the firm began tracking so-called remnant advertising networks (networks that sell empty advertising slots at the last opportunity) as part of its study. Because these networks aggregate advertisements and charge a low rate, there is less revenue and possibly less vetting of the safety of advertisements, the report stated.

Also see: 7 reasons websites are no longer safe

"Reputable ad networks also often syndicate or sub-syndicate unsold ad space to remnant ad networks instead of filling them with house ads. With the addition of more remnant ad networks in our telemetry, we believe that we are more accurately reflecting the current state of malvertsing," the report stated.

Last week the real threat of malvertising shook visitors to the London Stock Exchange's Web site. Visitors to the site were hit with ads crafted to display bogus security alerts.

These malicious ads, designed to sell anti-virus software, somehow infiltrated an ad network that is used by the London Stock Exchange. Robert McMillan has more in his report Malware ads hit London Stock Exchange site.

Because of their ease of execution and effectiveness at reaching a broad audience, these attacks aren't expected to stop soon. In fact, according to Elad Sharf, researcher with Websense Security Labs, they're always striving to become even stealthier. With every new cyber attack, criminals custom build malware variants - the malware file goes through extra processing with the aid of tools that are part of the cyber criminal toolkit like packers, obfuscators and encryptors. Because this is custom made and new, the Antivirus detection is very low as would be expected on a new variant, so it can actually run on the user machine if an exploit is successful. Detection rate at the time of the attack is 11 percent according to Virustotal," he said.

What it's like to...

The London Stock Exchange attack also points to another troubling trend in malicious advertising attacks: rather than infiltrate them, criminals are simply buying the ad space needed to propagate their attacks. "We have been following the exploit domains in this malvertising campaign for quite a long time now, and it seems that cyber criminals frequently use fee-based advertising networks to propagate malware - that means cyber criminals are willing to pay in order to propagate malware," Sharf said.

George V. Hulme writes about security and technology from his home in Minneapolis. When he's not clicking on online ads, he can be found on Twitter as @georgevhulme.

Read more about social engineering in CSOonline's Social Engineering section.

Join the CSO newsletter!

Error: Please check your email address.

Tags firewallsapplicationsmalvertisingapplication securityDasientmalicious websitesdata protectionmalwaresocial engineeringnetwork securityData Protection | Social EngineeringsecurityAccess control and authenticationsoftware

More about RSAWebsense

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by George V. Hulme

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place