Advertising network takes on malvertisers

Attackers use real-time bidding platforms to place malicious ads on otherwise reputable sites

In the war between malvertisers and legitimate advertising networks, the bad guys seem to be winning. Attackers use real-time bidding platforms to place malicious ads on otherwise reputable sites, infect target users and disappear -- often before anyone has even noticed that there's a problem, according to a new report by Fairfax, Va.-based security firm Invincea, Inc.

Attackers can use the targeting features offered by advertising networks to zero in on victims based on which operating systems and browsers they use, based on their interests, based on their geographic locations, and even based on specific corporate IP ranges.

When the attackers target a wide range of people on a popular website, the malvertising will be noticed and shut down. But if the victims are very narrowly targeted, the attackers can switch out the malvertising for a legitimate ad as soon as their intended victims are infected, and nobody might notice at all.

End users and the companies where they work aren't the only victims. The publishers suffer when word gets out that their websites are delivering malicious ads. So do the advertising networks -- not only do they often get paid with stolen credit card numbers, but they also lose out when publishers switch to other networks.

According to Invincea, the malicious ads appear on legitimate sites, so they don't show up on blacklists. Plus, advanced malvertisers have begun using Flash-based exploits that insert code directly into device memory, bypassing malware interception appliances.

The best way to stop malvertising, according to Invincea, is at the source -- preventing bad actors from purchasing advertising in the first place.

One advertising company doing that is engage:BDR.

"There are all these small bad actors, constantly evolving their practices and trying to trick the system using fraud and lies and technological loopholes," said Ted Dhanik, CEO at Los Angeles-based engage:BDR.

For example, malvertisers would use credit cards that hadn't yet been reported as stolen, and pose as people working in companies that engage:BDR already had relationships with.

To combat this problem, engage:BDR implemented a vetting process that involved checking not only into the company buying the ad, to ensure that it is a legitimate company, but also into the employee doing the ad buying.

"You have to talk to other people in the company about who the buyer is and whether they actually work there, and can buy from you in an authorized capacity," said Dhanik.

It's in every ad network's best interest to get rid of malicious ads, he said.

"Our publishers are our lifeline," he said. "Malvertising is causing sustainability issues. Companies are going away because of this. If we can get rid of malware, we're all going to be much more sustainable."

Engage:BDR also scans all advertisements for malware, both before they go live, and then on an ongoing basis while they're active. It uses scanning by The Media Trust as well as other services.

After engage:BDR implemented the new policies, instances of malvertising dropped to zero, Invincea reports.

Engage:BDR is also involved with the Interactive Advertising Bureau's Anti-Malware Working Group and is helping to develop industry best practices.

Stories by Maria Korolov
