Malvertising has been around for years, but as we continue to discuss, it’s becoming more sophisticated and harder to detect. Malvertising is when an attacker seeds online ad networks so that when ads appear on websites, they can potentially deliver malware to the user’s computer. All the user has to do is view an ad, not even click on it, and their computer could be infected. The scarier part is that these types of malware are extremely hard to track down and stop.
The New York Times, BBC, The Hill, Newsweek, AOL, MSN, and more are all examples of large companies that have had their ad networks hijacked. Typically, hackers will acquire expired domains of trusted ad companies or temporarily hijack an existing one, to get access to these higher-level ad networks. By hijacking these already vetted sources, they are then allowed access to the ad networks of these larger companies (The New York Times, BBC, etc). Attackers even go so far as to set up fake social media profiles, fake domains, etc. so that they appear legitimate to online ad companies.
These ads carry the Angler exploit kit, which is a type of software that probes the user’s computer for vulnerabilities to which it can deliver malware. Since the malvertising was delivered to these high-trafficked sites, it affects a very large amount of people in a very short amount of time. (Think hundreds of thousands in just 24 hours)
Attackers are becoming increasingly more aware of who is tracking and watching them. They profile, or fingerprint, machines and can look for security researchers. The attackers can then designate certain IP addresses and VPN networks to not receive the malicious ads. That way, the security researchers cannot replicate the ad, and figure out how to stop or prevent them. The attackers are going to look for the people who are more vulnerable and likely to click on the malvertising.
Again, having the right security measures in place, having back-ups, and continually protecting you and your company will keep you safe from malvertising and other types of malware. If you are proactive, you can save yourself the headache of dealing with all these new and sophisticated types of malware. Or at least, you can recover quickly if you are hit with one.