Malvertising Affects Web Users
Malvertising might perform the following attacks on users viewing the malvertisement without clicking it:
- A “drive-by download” — installation of malware or adware on the computer of a user viewing the ad. This type of attack is usually made possible due to browser vulnerabilities.
- Redirect of the browser to a malicious site.
- Displaying unwanted advertising, malicious content, or pop-ups, beyond the ads legitimately displayed by the ad network.
Malvertising Affects Publishers
The threat to publishers is damaged reputation, loss of traffic and revenues, and legal liability to damages caused to users visiting their sites.
While publishers are aware of the problem, they find it difficult to test for or block malicious ads. Ad networks serve ads from millions of advertisers, and display ads dynamically according to real-time bidding, making it very difficult to test all the ads that are actually shown to users.
Malware in ad calls — when a website displays a page that contains an ad, the ad exchange pushes ads to the user via many third parties. One of these third party servers may be compromised by an attacker, who can add malicious code to the ad payload.
Malware injected post-click — when the user clicks on an ad, they are typically redirected between several URLs, ending with the ad landing page. If an attacker compromises any of the URLs along this delivery path, they can execute malicious code.
Malware in ad creative — malware can be embedded in a text or banner ad. For example, in HTML5 it is possible to deliver an ad as a combination of images and JavaScript, which might contain malicious code. Ad networks that deliver ads in Flash (.swf) format are especially vulnerable.
Malware on a landing page — even on legitimate landing pages served by reputable websites, there may be clickable elements that execute malicious code. This type of malware is particularly dangerous because users click an ad, land on a real, legitimate landing page, but are infected by a malicious on-page element.
If you have any experiences with these scams do let me know, by email.
