The ad tech industry has been reeling for the past 12 months over ad fraud and the industry is starting to come to terms with it. But unfortunately, ad fraud is just the tip (albeit, a very costly tip) of the malicious web. The recent malvertising attack on the Yahoo Network is a painful example and reports suggest malvertising will continue to grow. According to Malwarebytes, the security company that discovered the malicious creative, the attack actually started on July 28th, but was not discovered and taken down until Monday, August 3rd – or a full six days and potentially billions of impressions later.
Malvertising (malicious advertising) typically exploits a vulnerability in a software program and recent variants do not require any user interaction to infect the user’s machine. Infections can include browser redirects to malicious sites, ransomware, bot creation, Trojans and more. Malicious software affects users, advertisers and publishers.
For as long as the web has existed there has been malware (malicious software), although the primary early vector was email. Today most computer worms and viruses are designed to cause harm by letting attackers monetize stolen sensitive information or perpetrate fraud. They change or redirect users' Internet behavior, steal sensitive data, or take control of critical infrastructure. They cause very real monetary damage.
Web attacks target websites through two frequently used methods – overflow attacks and injection attacks. Both give the hacker control of the website and its host, allowing them to install malware that injects exploits into a site visitor’s browser, or to launch further attacks against other servers. Overflow attacks target memory buffers in order to crash the host system and gain control of it when it is restored. Injection attacks are among the most prevalent; they leverage flaws in web applications, which leads to the extraction of entire databases of sensitive information or to control of the web application and server itself. Once the hacker has control, they can launch attacks against users.
Drive-by downloads target users and are one of the more common attacks launched from compromised websites. A compromised site scans the visitor’s browser or system for vulnerabilities and, once one is found, uses an exploit to inject malware into the visitor’s computer or smartphone. At this point the malware can take one or more actions as directed by a “command and control” server. It can steal sensitive information to drain bank accounts, it can add the infected machine to a botnet that scouts for other systems to infect, or it can modify browser behavior to launch bogus events that financially benefit the botnet owners – such as ad fraud.
Malicious websites also host phishing sites, Trojans and worms, man-in-the-browser malware, polymorphic and metamorphic malware, ransomware, RATs (remote access Trojans), spyware, logic bombs, viruses, credit card fraud, spam, online pump-and-dump stock schemes, dating fraud, tax scams and more. There truly is no end to the creativity, sophistication and dynamic tactics of the black hats, whose goal is to drive revenue for themselves using software.
Both the buy side and the sell side of ad tech should be aware and mindful of the greater malware ecosystem, and build in best practices to avoid falling prey to the malicious web. These should include tightening up access to systems; vetting vendors, traffic sources and partners; implementing anti-malware solutions; and educating staff.