Malvertising – The Malicious Ad Campaigns

Malicious advertising (malvertising) is a type of online attack in which malicious code is hidden within an online advertisement in order to spread malware, and it is the most sophisticated threat faced by unsuspecting users. Once the malicious code reaches the end user’s browser, it can lead to a number of harmful outcomes such as data breaches, identity theft, ransomware and more.

How does it work?

  • An individual visits a website. It does not matter whether the site is legitimate or sketchy, because the threat lies within the advertisement on the website.
  • Advertisements appear in various shapes and sizes, including banners and pop-ups.
  • Malvertising uses various tactics, including the IFrame, an invisible box that can covertly navigate to additional webpages.
  • The IFrame redirects to an “Exploit Landing Page”.
  • The landing page contains malicious code that attacks the system.
  • The attack code exploits the system and installs malicious software.

Some examples of malvertising attacks

  • In 2014, certain advertisements on DeviantART.com were redirecting users to the Optimum Installer web page to install Potentially Unwanted Applications on unsuspecting users’ systems. Hackers had compromised the Clicksor ad network to distribute malware.
  • In 2009, Trend Micro described an incident in which the New York Times was hosting a banner ad that attempted to social-engineer people into installing a rogue antivirus tool.
  • The London Stock Exchange website was also observed inadvertently serving malicious ads to its users in 2009. The incident was traced to a possible breach at Unanimis, the company serving the ads for the London Stock Exchange and many other companies.

A few recent attacks

  • In February 2019, over the extended Presidents’ Day weekend, a massive malvertising campaign hit US users.
  • Experian, a global credit monitoring agency, was one of the victims of steganography-based malvertising in 2018.

Conclusion

Malicious advertisements usually run alongside normal advertisements, so a user may not be attacked even when visiting an infected site without clicking on the malvertisement. This attack is hard to detect because duplicating the infection is difficult: a malicious advertisement triggers its payload only if specific conditions are met. Malvertising is often used to redirect users from legitimate websites to fraudulent ones. Using anti-exploit software in combination with anti-malware, along with software such as ad/pop-up blockers, can provide protection against malvertising. Security service providers should come up with specific solutions and solution suites for detecting malvertising.

– Sonam Chawla,
Research Analyst,
Infoholic Research