Malware menaces poison ads as Google, Yahoo! look away

Booming attack vector offers mass malware distribution, stealthy targeting

Crisis meeting

Experts recommend users run advertising or script blockers to prevent random redirection from malvertising. "Advertisers are really going to hate to hear this but blocking advertising for user protection is a really effective way of blocking malvertising," Schultz says.

Users can use script blockers or ad blockers to reduce their exposure. This reporter has anecdotal evidence that many in the industry run the likes of Ad-Block for security purposes. The scourge is so bad that Cisco's Schultz and the rest of the TALOS team recommend the blockers as a security measure. Schultz personally recommends Request Policy for Firefox users.

For Spiezle, advertising networks need to introduce a kind of fast-track ciricuit breaker system akin to the US' Trusted Traveller for air travel where indicators that reveal advertiser's identity are used to establish trust. These trusted advertisers would be known suppliers of legitimate advertisements and such would enjoy the current speed and flexibility of the ad marketplace. "Those who are not known, the company might have a new gmail and IP address, would be subject manual review.

He says trusted advertisers could still be used to foist malvertisements by insiders, but those threats are miniscule compared to the current threat. A continual rise in ad blocking adoption, which increased by 82 percent last year in the UK to include 12 million users, could be the prompting ad networks need to invest and change their business models, he says.

"I implore the advertising industry to work with us. Demonstrate that you are making sincere efforts to fight malvertising and work with the broader security community."


Bootnote The advertising systems that Google and the like have built are sophisticated systems that enable advertisements to be so dynamic that they target specific users on the sites they visit and for the things they buy, bringing what remains an advertising revenue trickle from the then golden age of print.

Therefore the need to block advertisements in the name of security is in your correspondent’s loaded and conflicted opinion (I run script blockers myself) an unfortunate solution to the growing scourge of malvertising. Ads on websites and mobile apps are like those on free-to-air television important alternatives for consumers who cannot or do not wish to pay access fees for quality content. Blocking that source of revenue as a permanent solution only throws fuel on the already raging fire.

Keep Reading

Tech Resources

Apps are Essential, so your WAF must be effective

You can’t run a business today without applications—and because apps are critical to strategic business imperatives and commerce, they have become the prime target for attackers.

Webcast Slide Deck | How backup modernization changes the ransomware game

If the thrill of backing up your data and wondering if you will ever see it again has worn off, start the new year by getting rid of the lingering pain of legacy backup. Bipul Sinha, CEO of the Cloud Data Management Company, Rubrik, and Miguel Zatarain, Director of Global Infrastructure Technology at PACCAR, Fortune 500 manufacturer of trucks and Rubrik customer, are talking to the Reg’s Tim Phillips about how to eliminate the costly, slow and spotty performance of legacy backup, and how to modernize your implementation in 2021 to make your business more resilient.

Three reasons you need a hybrid multicloud

Businesses need their IT teams to operate applications and data in a hybrid environment spanning on-premises private and public clouds. But this poses many challenges, such as managing complex networking, re-architecting applications for the cloud, and managing multiple infrastructure silos. There is a pressing need for a single platform that addresses these challenges - a hybrid multicloud built for the digital innovation era. Just this Regcast to find out: Why hybrid multicloud is the ideal path to accelerate cloud migration.

Anatomy of a Private Cloud

Learn the key elements that combined, build a true Private Cloud

Biting the hand that feeds IT © 1998–2021