Monday, April 04, 2016
"Malvertising" attacks on major publishers right after Super Bowl and again in mid-March might be connected to ransomware incidents
Webroot’s Threat blog has a very disturbing article by Nathan Wyman, dated March 14: “Malvertising, when ads go rogue”. So do some other technical blogs, and the major news media has been a but mum about this problem so far, with confusing reports.
The article explains who criminal networks are getting malicious ads posted even on supposedly reputable sites, possibly by hacking into networks or by entering fraudulent contracts.
It’s not clear how dangerous an ad can be if it merely displays without being clicked. It’s also not directly clear from the article whether fraudulent ads have actually delivered ransomware, but, for example, the Guardian indicates that this may have happened with the New York Times, BBC, AOL and NFL right after the Super Bowl . A company called Malwarebytes has details on the malware served by advertisers on various major sites and how they were served Trend Micro (March 16) also discusses the growing threat of the "Angler Exploit Kit" here with more details here. Kaspersky's article seems older (2014) and the company ought to provide a new article on the March 2016 incidents.
But a few sites allow intrusive ads that pop up and are hard to get rid of to get back to the site. This happens a lot in mobile sites.
The articles generally recommend using “do not track” and keeping Adobe Flash up to date (Silverlight is obsolete.)
Reuters has a rather alarming YouTube video, dated March 16, 2016, saying the problem has increased a lot since the start of 2016.
But it’s apparent that malicious ads can undermine the whole idea of user generated content online, which is paid for by ads. That would be particularly true if most users avoid clicking on ads out of “fear”.
I rarely negotiate online ads myself. The last time I remember doing so at all was after a car was totaled a year ago and I was in the market to replace it with insurance, quickly.
A story by Carrie Milhacik on CNET indicates that a major attack on advertising networks happened in mid March and that some ads could infect computers, especially with outdated Flash or Silverlight, without being clicked.
I had one incident a week ago on a book publisher’s association site where Kaspersky, in Windows 10, blocked one blog link because it detected malware on the page. This might have been connected to this attack.