Hey big spender, watch out for malvertising

Malicious code is being inserted into online advertisements, warns Cisco

Global Internet advertising revenues will approach US$200 billion by the year 2018, making it a lucrative business but also attractive to cyber criminals, according to Cisco.

Cyber criminals have been using an attack method called malicious advertising or 'malvertising'. This involves cyber criminals inserting malicious code into online advertisements. Unsuspecting users click on the advertisement which then provides revenue to the criminals.

Cisco Australia and New Zealand's security general manager, Anthony Stitt, said that website owners have trouble preventing the problem because the malicious code is planted on Web pages via third-party advertising delivery networks.

“There is a real risk that users become so wary of ads that they either start ad blockers or just don’t click on ads which is bad for the advertising industry. Their primary source of revenue is being impacted,” he said.

According to Stitt, website owners need to look at measures they can do before, during and after a malvertising attack.

“From an advertisers’ perspective, they need to assess advertising agencies and ad networks that want to put content in their system,” he said.

This also involves assessing advertising files that get submitted. However, some cyber criminals have managed to get around this by disguising malicious code so it won't be picked up by assessment, Stitt added.

“You can block [malvertising] attacks as they happen by using sandboxing techniques or looking at the behaviour of the malware. Once the computer is infected, you can often detect this because there are sometimes eight different pieces of malware being downloaded at once.”

Malvertising is also spread when people download software from an untrusted source and install it on their computer.

“With that [software] comes a piece of code which monitors the user’s browsing behaviour and then does what is called ad injection. This creates fake ads which are inserted into the user’s browser as they look at legitimate websites,” he said.

“Those fake ads can re-direct the user to a website that could be doing a whole range of things including affecting their computer with malware.”

In February 2015, several security vendors documented attacks involving malvertising in the United States.

For example, Cyphort found malicious advertisements popping up on major websites including the Huffington Post and the LA Weekly.

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU, or take part in the Computerworld conversation on LinkedIn: Computerworld Australia