Rogue Ad double entendre; malvertising makes money from ad impressions as well as malware downloads
Online advertising has become the latest target of cyber criminals who are using it to mint money both ways, through clicks from advertisers and by inserting malware and getting money for malware downloads. Online advertising has become big ticket business and is continuously evolving with advertisers servicing more and more personalized and targeted ads. The publishers too make good money on websites with good content, whereas with the rise of online shopping, web surfers are increasingly lured to click on banners, pop-ups and video clips that match their interests.
While this is a healthy sign it has also brought in cyber criminals into the ad business. Cyber criminals are known indulge in click-fraud and malvertising to make money. Now, researchers have uncovered a rogue ad network deliberately embedding malicious redirection scripts into its Flash advertisements. However they have not revealed the name of this rogue ad agency.
Malwarebytes senior security researcher, Jerome Segura, said that he suspects that this unnamed rogue agency is controlled by Russian cybercriminals. According to him clicking on the ads from this agency leads victims to a page hosting an exploit kit known as RIG EK, which exploits Flash and installs a trojan (Trojan.Agent.ED).
“This particular ad may have been placed on a number of websites, big and small and leading to several thousand infections,” said Segura of one example, in his analysis.
According to Segura this kind ads are a bonus for the cyber criminals as this is a double source of revenues: Ad impressions and pay-per-click revenue, as well as commissions per malware install.
“If you were a website owner and allowed this advertising network to insert its ads on your site you would be unknowingly (or not, if the owner is part of the scheme) infecting your visitors,” Segura said.
To protect against the issue, users should disable Flash or use tools like NoScript.
“As with any other lucrative business, there are going to be miscreants who try to abuse the system,” said Segura. “A study published by the Wall Street Journal shows that one third of all Internet traffic is bogus.”
He added, “At the end of the day, this is yet another case of malvertising.”