Online advertisements are a part of our daily browsing experience as it has also become an essential part of companies’ online marketing strategies. So how do we know, when visiting websites that carry these networked advertisements, whether we are opening ourselves up to criminal compromise through malicious ads?
Web site owners use trusted content networks to provide advertisements for their websites and criminals are actively targeting this trust relationship as it represents a weak link in the chain of content control. Criminals create shell companies to place advertisements that hide malicious content, such as JavaScript or Adobe Flash exploits, in banner ads that are subsequently placed with high profile advertising networks. These malvertisements are then syndicated across many hundreds of web sites silently infecting as many victims as possible.
Malvertisments, as they are referred to, have become increasingly common over the past few years and continue to be a growing problem. The potential number of victims available to criminals through a syndicated ad will often far outstrips the potential return for compromising an individual website. Internet users are unknowingly putting themselves at risk when they visit legitimate websites, which happen to be carrying malvertisements, designed to invisibly and automatically infect visitors through drive-by downloads. A drive-by download usually involves a chain of events; the victim visits a website which in this case is carrying a malvertisements, the malvertisements will contain either JavaScript which will be automatically executed by the browser. The purpose of the JavaScript is to automatically and invisibly redirect the browser to a server hosting exploits (commonly a criminal exploit kit such as Yes!, Eleonore or Phoenix for example) these exploits are then used to push out the final malicious payload of the criminal’s choosing. In some cases exploits for technologies such as Adobe Flash are embedded directly within the malvertisements and this has the same end result of delivering a malicious payload. Once infected, your PC is compromised or your virtual wallet lifted in a number of ways; from pushing fake security software which fools the victim into believing that their PC is infected with any number of entirely bogus malware which only this (paid-for) application can remove, to criminals stealing your personal or financial details and/or obtaining remote access to your PC.
So where does the responsibility lie? Is it with the web site that is hosting the malicious adverts, the network distributing them, or the consumer who visits the website? Really the responsibility, as well as the potential for damage, is shared. Web site owners and ad-networks alike suffer embarrassing brand damage when their customers are infected and the victim of course suffers the pain of information or identity theft and financial loss.
It is certainly true to say that if the right checks and balances were in place the problem would largely cease to exist, at least on legitimate websites. Clients of ad-networks should be applying pressure to their provider of choice to ensure that the appropriate checks are made before the advert goes out. Ideally, automated systems need to be in place at the advertising content providers, to run the ads through a sandbox before they are released into the public domain, checking for any kind of active or malicious code. Third party providers should perform specific checks to verify URLs and detect any unexpected or unwanted behaviour such as automated redirections, even if not malicious no web user wants to be bounced off to a third party website simply as a result of rendering an ad in their browser and no website owner would want their visitors stolen in this way either!
In the meantime, Internauts should ensure that they have the appropriate anti-malware software installed on their PC to minimise the risk. Free options include tools such as Browser Guard, which blocks exploit attempts and detects malicious JavaScript stopping it from executing. When choosing anti-malware software, it’s important not to focus purely on software that will scan for bad files, but also that will stop PCs (and not just browsers) from connecting to malicious destinations.
