Advertising malware rates have tripled in the last year, according to report The Verge

      Comments Off on Advertising malware rates have tripled in the last year, according to report The Verge

Ad networks were hit with a string of compromises in recent months, and in response to a new report, many of the infections are making it via to patrons. A study published today by Cyphort found that instances of malware served by ad networks more than tripled among June 2014 and February 2015, based on month-to-month samples taken during the period. Dubbed “malvertising,” the assaults usually sneaking malicious ads onto far achieving ad networks. The networks supply those malware seeded ads to widely wide-spread websites, which pass them along to a component of the guests to the site.

The attacks usually infect computers by exploiting vulnerabilities in Adobe Flash, usually caused once an ad is successfully loaded. Even at the peak, the numbers are still less than half a percent of the whole sample — just 407 domains out of 100,000 — but researchers are still stricken by the upward trend, which looks to have continued via this year. Earlier this month, Jerome Segura at MalwareBytes found infections in both Yahoo’s ad network and a separate community serving ads to the dating site PlentyOfFish. Segura says the Cyphort’s findings match what he’s seen. “I think the rise in malvertising really started last fall and can be synced with the Flash Player debacle and the consequent slew of zero days,” he says.

“Ad blockers are a brief term answer but the core of the problem are software vulnerabilities that could be caused in loads of ways in which transcend malvertising. “Unfortunately for Cyphort, criminals switched strategies in February, adding new measures to avoid detection and cutting the company’s data set short. Cyphort analysis director Nick Bilogorskiy points to an update in the customary Angler take advantage of kit, which let the majority of malvertisers drop off the agency’s scans. “It was absolutely to bypass defense measures,” Bilogorskiy says. Cyphort has changed tactics too, however the shift makes a pure apples to apples assessment challenging after February of this year. Still, if the Yahoo and PlentyOfFish breaches are any indication, ad served malware remains to be a serious challenge, and one networks are struggling to maintain in bounds.

See also  CNN Drops to Last Place Among Cable News Networks The New York Times