Thursday, November 03, 2011

Web publishing industry could face existential threat from "malvertisements" -- malicious adware that gets past screening by major sites, publishing services

Byron Acohido has a major front page story in USA Today on Thursday Nov. 3, “‘Malvertisements’ take their toll; tainted ads infect computers, send victims griping on Twitter”.

A security firm, RiskIQ (link), reports the spread of up to 15000 tainted ads from supposedly legitimate sites in May 2011.

It’s not absolutely clear from the story whether users were infected merely by the embedded display of the ad, or only when they intentionally or willingly visited the ad. The story seems to suggest that for a couple of hours visitors could be infected merely by visiting a site called SpeedTest (link), which measures the effectiveness of broadband connections. Fortunately, the company caught the problem quickly. I just checked the site on Mozilla and found it has good trustworthiness ratings from everyone, including MyWOT.

Another firm reporting serious risks to home users is Stach & Liu (link).

The most common complaint seems to be “ransomware”, which locks up a user’s computer until the user pays a “ransom” by credit card for fake anti-virus “protection”, rather like an on-line Mafia protection racket. These ads have also been common in “spam” comments on blogs, but they are easily avoided when webmasters monitor comments before allowing posting.

USA Today also reports that users are complaining on Twitter (rightfully so), causing loss of readership and revenue for some sites.  MyWOT reviewers often downgrade sites merely for carrying ads. 

It’s pretty easy to see how this problem could become an existential threat to the whole website advertising industry, which supports “self-publishing” by newbies (apart from social networking).

Major companies do screen the ads, but criminals have been finding ways to get around screening procedures, as detailed in the USA Today video. Some ads are sold through networks of “middlemen” (or maybe like novelist Thomas Costain’s “moneyman”). Some find ways to mimic “legitimate” sources with a process that seems to resemble sender-spoofing in email, leading to spam.

The New York Times had a major incident in the fall of 2009 with malware that pretended to come from Vonage. It’s not clear if the malware was launched merely by visiting the NYT web page. Ashlee Vance has a story Sept. 14, 2009, here. I see that I have a blog posting on that incident Sept. 14, 2009 here.

It’s not clear if Mac users have been affected much.

The link for the USA Today story is here.
