Saltar al contenido

Malvertising increases more than 300% in recent months

anuncios maliciosos

According to a study by the company Cyphort, malicious ads on advertising networks, a practice also known as malvertising, has increased by more than 300% between June 2014 and February 2015.

Cyber ​​criminals have known how to take advantage of Internet advertisements forever and all advertising companies from the smallest to the largest such as Google or Yahoo have been affected.

The problem also negatively affects webmasters, because if a visitor ends up infected when visiting a site, even if the owner has not had bad intentions, that visitor may not come back or recommend it.

This has happened to sites of all kinds including giants such as the HuffingtonPost or the NY Times, if attackers manage to circumvent the filters of advertising networks, they can appear on these sites with the potential to infect thousands of users.

Many of the detected malicious ads were built in Flash to take advantage of the vulnerabilities that the plugin has presented in recent times, many of them 0-Days.

To better understand the seriousness of the matter, if your Flash plugin is not updated or is vulnerable by a 0-Day and you visit a site with codes that can take advantage of this vulnerability, you could end up with the infected computer without realizing it (attack known as Drive -by download). And it can even happen on trusted sites since attackers don't infect the site itself, but the ad network it uses.

It's no wonder that companies like Google in their AdWords network are encouraging the use of HTML5 instead of Flash for ads, and other giants like Amazon have recently announced they are no longer serving Flash ads on their sites. Browsers like Firefox and Chrome have also taken the initiative to block the plugin by default to protect users and let them decide when to launch it.

But Flash is not the only goal, other plugins like Java and programs can also be exploitable in various ways. And cheating can also use social engineering to steal information or take money from you in some way.

Some advertising companies are also complicit in these scams in order to improve their income, in many of them it is not that the scams are allowed, but they are very flexible with the type of banners, products and promotion mechanisms that they allow.

How to protect yourself? In addition to the usual, common sense, keeping everything up-to-date and using some antivirus, many use ad blockers like AdBlock to prevent ads from loading.

This obviously has a negative impact on the revenue of the sites, but it is a useful measure above all to block ads on sites that are full of them and do not use reliable platforms.