Security experts claim malvertising must be tackled

Security experts have called for Internet companies to do more to tackle the growing threat of "malvertising", the practice of placing fake adverts on a website to convince visitors to download malware, according to the Guardian.

Earlier this month, the New York Times website displayed such an advert, which claimed to have found a virus on the visitor's computer before persuading them to go to a website to download the malware under the guise of "anti-virus" software. According to the New York Times, the advertiser was thought to be a legitimate company and indeed displayed legitimate adverts for a week, before changing the advert externally to a malware advert over the weekend.

"This is a growing problem," said Graham Cluley, a consultant with Sophos. "Hackers are making more and more use of ad networks to distribute their attacks to users visiting legitimate well-known sites."

"These are not random attacks. When they infect third party ad networks they may not know precisely which website will end up displaying their ads - but, frankly, they don't care about that. The important thing for them is that they get eyeballs."

Google executive Eric Davis, who is in charge of Google's anti-malvertising team, believes that greater cooperation with Internet providers is needed to tackle the issue.

"The internet service providers are in the best position to detect infected machines," said Mr Davis, talking at the Virus Bulletin conference in Geneva yesterday. "They already have monitoring systems that could be used to identify signs of malware and botnet activity."

Microsoft, however, are taking a more direct approach, with the software giant filing a series of lawsuits against suspected malvertisers.

Microsoft associate general counsel Tim Cranton said, "Although we don't yet know the names of the specific individuals behind these acts, we are filing three cases to help uncover the people responsible and prevent them from continuing their exploits."

15 Comments

Think of it this way, when was the last time a television broadcaster let an ad run on their network without first being viewed by a human that's accountable for their content? Why? Because the FCC would roast the network if the thing aired, not the scumbag that created the content. Heck, Janet Jackson's nipple cost CBS $550K.

Make the company displaying the ads accountable for their actions to the end users in some fashion.

NXTwoThou said,
Think of it this way, when was the last time a television broadcaster let an ad run on their network without first being viewed by a human that's accountable for their content? Why? Because the FCC would roast the network if the thing aired, not the scumbag that created the content. Heck, Janet Jackson's nipple cost CBS $550K.

Make the company displaying the ads accountable for their actions to the end users in some fashion.

+100. That is a good point and they should definitely monitor better what sorts of ads are posted.

Perhaps add a layer that will not allow any code to be changed once there, and then any changes in code must be physically approved by the website once there. Then make all websites accountable for the code if it originates from their site?

Majesticmerc said,
Step 1: Check the adverts before publishing them.
Step 2: There is no step 2

+1

Or just use an ad blocker like Adblock Plus for Firefox.

ajua said,

+1

Or just use an ad blocker like Adblock Plus for Firefox.


Ad blockers don't solve the problem; these ads affect mainly the people that don't know better, though.

ajua said,

+1

Or just use an ad blocker like Adblock Plus for Firefox.


Or better, use IE8 with its integrated ad blocker (InPrivate Filtering)!
It works perfectly against Google AdSense, which displays a large amount of malvertising with ads like "download 200% faster with speed optimizer" that IE8 refuses to open because its SmartScreen filter says it is a known malware-distributing website...
(not to mention the sandbox in IE8, which prevents flaws in Flash/Adobe Reader from being exploited to install malware silently on Vista/7)

neufuse said,

Ad blockers don't solve the problem; these ads affect mainly the people that don't know better, though.

They solve the problem for me and the people whose computers I work on. Until sites do a better job of running secure ads, I will not feel one bit guilty for running adblock software. Web developers only have themselves to blame for this mess by allowing third party sites to add content to their pages without checking these sites out well enough to ensure they are running safe content.

Two things will get me to quit using adblocking software.

1. Don't interfere with the content I am there to see. That includes sites like Neowin and their love affair with intellitxt.

2. Only allow third party adverts from companies that respect content and security.

soonerproud said,

They solve the problem for me and the people whose computers I work on. Until sites do a better job of running secure ads, I will not feel one bit guilty for running adblock software. Web developers only have themselves to blame for this mess by allowing third party sites to add content to their pages without checking these sites out well enough to ensure they are running safe content.

Two things will get me to quit using adblocking software.

1. Don't interfere with the content I am there to see. That includes sites like Neowin and their love affair with intellitxt.

2. Only allow third party adverts from companies that respect content and security.

+1

Inline banner type ads I don't mind. But the intellitxt **** is what makes me install the adblockers. But the site is responsible for the ads that pop-up, even if they go through a 3rd party advertising agency to display them. The site is responsible for holding that 3rd party accountable. Neglecting it and getting bent-out-of-shape about adblockers is just being lazy with an attitude.

soonerproud said,

They solve the problem for me and the people whose computers I work on. Until sites do a better job of running secure ads, I will not feel one bit guilty for running adblock software. Web developers only have themselves to blame for this mess by allowing third party sites to add content to their pages without checking these sites out well enough to ensure they are running safe content.

Two things will get me to quit using adblocking software.

1. Don't interfere with the content I am there to see. That includes sites like Neowin and their love affair with intellitxt.

2. Only allow third party adverts from companies that respect content and security.

About the same here, except for the part about I'm supposed to feel guilty for blocking ads? Am I? I surely don't!!

If I wanted to see ads, I'd do a search for ads or a search for what I was looking for.

Majesticmerc said,
Step 1: Check the adverts before publishing them.
Step 2: There is no step 2

As said, the one company pulled a bait-and-switch on the Times.

Bemani Dog said,
As said, the one company pulled a bait-and-switch on the Times.

That sort of thing shouldn't be possible, therefore it's the company's fault for allowing it to happen.