Malvertising has grown more sophisticated, now moving through schemes that appear legitimate. Even reliable websites of popular media outlets and blogs have fallen victim to this kind of malicious activity.
How are malvertising operators able to penetrate the supposedly tight security filter of ad networks? Well, hacker Golden Goose discovered a way to push malicious ads through trusted brands using legal processes. How is this possible?
The culprit is the real-time ad bidding process, now the commonly adopted method of selling online ads. Hackers have found a way to abuse it so that they can still carry out their malicious activities in an outwardly legitimate manner.
Advertisers deliver targeted ads using real-time ad bidding, and hackers, under favorable circumstances, hop on the bandwagon and push malvertisements to any site with the same degree of freedom that legitimate advertisers have.
Malvertisers can also zero in on your specific location or community, in much the same way that legitimate advertisers do, by using geo-targeting data. Through real-time ad bidding, this targets the ad, malicious or legitimate, to a specific public IP space.
Aside from that data, malvertising can also exploit your shopping habits to deliver targeted ads to you, or use high-traffic portals that host click-bait content in order to hound you on the Internet.
Malvertisers are always a step ahead of security vendors, exploiting security loopholes to circumvent detection tools before those loopholes can be fixed. They also have a quick mechanism for hiding before ad networks can spot their activity, so at present this malicious operation is hard to stop in practice.
In malvertising, attackers work to build botnets, spread banking malware and deliver complex exploits for use in targeted attacks. But just how do they perform these activities without getting caught? First, they set up a sham corporate front to purchase ad space under the guise of being legitimate advertisers.
Most of the time, these attackers already operate compromised websites that contain exploit code. Once the rogue advertisers find their targets, the victims are redirected to those sites.
Users can avoid this form of attack by installing an ad blocker plugin in their browser, though this is the least feasible option, since websites get their revenue from advertising. The most practical way to prevent malvertising is for ad exchanges to host their own content.