There was a sharp jump in the prevalence of malicious Web advertisements in the final quarter of 2010, with loosely monitored “remnant” ad networks responsible for an increasing share of the attacks, according to a report from the firm Dasient.
The Dasient Q4 Malware Update reported that more than one million Web sites were infected in the last quarter of 2010. That period saw a 25% growth in malicious advertisements from the previous quarter, as attackers found ways to sneak malicious code into widely used syndicated online ad networks. It's a trend that security experts see accelerating in 2011, as malicious advertisements, sometimes referred to as ‘malvertisements,’ crop up on high-profile sites, said Neil Daswani, Chief Technology Officer at Dasient.
Daswani said that, overall, his company saw a 100% increase in the amount of malicious advertising from the third to the fourth quarter of 2010. However, much of that was due to an expansion of the sites Dasient monitored, with an increasing focus on so-called ‘remnant’ ad networks, which aggregate ‘remnant’ advertisements from direct marketers, who often have little oversight of where the ads appear.
Though most remnant ad networks are legitimate businesses, many are also susceptible to manipulation. Malicious hackers have found a variety of ways to insert malicious content into their legitimate ad streams: either by compromising the ad network’s ad server and replacing a legitimate ad with a malicious one, or by submitting a legitimate ad image, then replacing it with a malicious image after a set period of time, Daswani said.
Those images can find their way even to high-value sites, because top-tier online ad networks often syndicate ads from other publishers to fill in gaps in their own service, Daswani said. In recent weeks, well-ranked sites such as Autotrader.co.uk, cinema site Myvue.com and londonstockexchange.com were reported to have served up malicious advertisements. Malicious ads are commonly used to display pop-up messages with links that take users to a drive-by download Web site, or that download rogue antivirus programs or other threats.
Daswani said that firms that serve advertisements need to do a better job of vetting the content of the images they serve for malicious code, and of detecting Web-based attacks, including malicious ads, when they appear.
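The swap-after-approval tactic described above can be caught by pinning each creative at review time and re-checking it on every later fetch. The following is an added example, not code from Dasient or any ad network; the function names, the accepted image types and the sample creatives are assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

# Content types a display creative is expected to have (assumption for this sketch).
IMAGE_TYPES = {"image/png", "image/jpeg", "image/gif"}

@dataclass(frozen=True)
class Approval:
    creative_id: str
    sha256: str
    content_type: str

def approve(creative_id, body, content_type):
    """Record what was reviewed: a digest of the exact bytes plus the declared type."""
    if content_type not in IMAGE_TYPES:
        raise ValueError(f"{creative_id}: {content_type} is not an accepted image type")
    return Approval(creative_id, hashlib.sha256(body).hexdigest(), content_type)

def recheck(approval, body, content_type):
    """Compare a later fetch against the approval record.
    Returns a list of findings; an empty list means the creative is unchanged."""
    findings = []
    if content_type != approval.content_type:
        findings.append(f"content type changed: {approval.content_type} -> {content_type}")
    if hashlib.sha256(body).hexdigest() != approval.sha256:
        findings.append("bytes differ from the approved creative")
    return findings

def sweep(approvals, fetched):
    """approvals: {id: Approval}; fetched: {id: (body, content_type)} from a periodic re-fetch.
    Returns {id: findings} for every creative that should be pulled and re-reviewed."""
    flagged = {}
    for cid, approval in approvals.items():
        if cid not in fetched:
            flagged[cid] = ["creative no longer retrievable"]
            continue
        findings = recheck(approval, *fetched[cid])
        if findings:
            flagged[cid] = findings
    return flagged

# Constructed sample data: two creatives approved, one swapped afterwards.
APPROVED = {
    "ad-1": approve("ad-1", b"\x89PNG constructed banner A", "image/png"),
    "ad-2": approve("ad-2", b"GIF89a constructed banner B", "image/gif"),
}
LATER_FETCH = {
    "ad-1": (b"\x89PNG constructed banner A", "image/png"),
    "ad-2": (b"GIF89a different bytes", "image/gif"),
}

if __name__ == "__main__":
    print(sweep(APPROVED, LATER_FETCH))
```

A digest match only shows that the bytes are the ones that were reviewed, so the initial review still has to inspect the creative itself.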
Malicious ads are by no means limited to remnant ad networks. In January, major ad networks DoubleClick and MSN were duped into serving malicious ads from attackers who registered a malicious site that masqueraded as AdShuffle.com, an online advertising technology firm.