Most internet users believe that, as long as they stick to well-known and upstanding sites and employ a trusted antivirus product, they’ll be safe from things like malware. Users don’t get their bank information hacked when visiting reputable news and entertainment sites, right?
Wrong. The creators of malware always seem to be one step ahead of those looking to thwart them, and have ways of infecting devices and gathering sensitive information through trusted sites and with no interaction from the user. Even innocent-looking digital ads can be a real threat.
Let’s investigate malware in advertising, some specific examples of it and a few tips for keeping it at bay. In a future post we’ll see what Google and Bing are doing to keep advertisements safe.
Trends in Malvertising: Preying on User Trust
Perhaps you’ve heard of “malvertising” – malicious advertising designed to spread malware through legitimate networks and websites. It’s become a real concern for users, site owners and advertisers alike.
Malvertising runs counter to what we know about staying safe online by inhabiting familiar, trusted sites like YouTube. Such sites work with third-party ad networks, which connect users to numerous URLs well beyond that of the site they’re visiting. Most of the time, this isn’t a problem because the advertisements are from safe sources.
Sometimes, however, bad actors get into these networks with malicious intent. Since ad networks rotate their content quickly and malicious ads are often purchased with false information, the sites displaying the ads can’t trace the guilty party (who’s already made off with the money).
Worse, users don’t necessarily have to click on the malicious ads to become infected. Tools called exploit kits can find your system’s vulnerabilities (like outdated programs) and get to sensitive information while you browse an innocent site. Even a solid antivirus product can’t necessarily detect the malware.
Exploit kits let non-technical users launch relatively sophisticated attacks that take advantage of known vulnerabilities to steal personal and corporate data, carry out denial-of-service attacks or set up bots. Some developers sell the kits they make for hundreds or even thousands of dollars.
In 2016, a few different malvertising attacks were reported; we’ll look at a couple of them here.
The Angler Exploit Kit
In just a few days, the Angler Exploit Kit infiltrated enough top-tier news, entertainment and political sites to reach a large audience and get its malware into user systems.
According to Trend Micro, the malicious ads worked by automatically redirecting site visitors to malvertising servers, one of which delivered the Angler Exploit Kit. The kit is known to exploit Adobe Flash and Microsoft Silverlight vulnerabilities.
What the Angler Exploit Kit actually does is collect credit card numbers, online banking details and other such information. Victims who catch the issue fast might be able to avoid heavy losses, but if too much time passes the losses could be great.
A few months after the Trend Micro report, certain outlets were reporting that the Angler Exploit Kit had been snuffed out. Of course, it’s not the only exploit kit out there.
The Stegano Exploit Kit
Stegano works by serving ads for browser defense and screen capture products on popular news sites to ultimately exploit vulnerabilities in Flash. Without any action from the user, the ads collect information about the user’s device.
Then, if Stegano doesn’t detect monitoring (such as the sort that might be on a malware analyst’s machine), it serves a malicious ad that’s nearly identical to the original. The practically imperceptible difference is achieved by altering the transparency of the pixels. It’s unlikely that the user will detect the slightly different tone of the malicious ad’s color.
Ultimately, Stegano delivers banking Trojans to collect online financial information and ransomware to disable equipment.
Stegano repeatedly checks to see if it’s being monitored so that it has a chance to stop the attack before being caught, and it leaves its victims’ systems more vulnerable to other attacks from spyware, banking Trojans and others.
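A defender who holds a known-good copy of an ad creative can check a served copy for the kind of change described above, where only pixel transparency is altered. This is an added example, not code from the original post or from any vendor; the pixel data, function names and the `subtle` threshold are assumptions, and the lists stand in for RGBA values decoded from the image files.

```python
# Added example: the RGBA pixel lists below are constructed sample data.
from collections import Counter

def channel_diff(reference, served):
    """Count differing pixels and the largest delta for each RGBA channel."""
    if len(reference) != len(served):
        raise ValueError("creatives differ in pixel count")
    changed, max_delta = Counter(), Counter()
    for ref_px, srv_px in zip(reference, served):
        for name, a, b in zip("RGBA", ref_px, srv_px):
            if a != b:
                changed[name] += 1
                max_delta[name] = max(max_delta[name], abs(a - b))
    return changed, max_delta

def classify(reference, served, subtle=32):
    """Label a served creative relative to the known-good copy.
    `subtle` is an assumed threshold for a shift the eye would not notice."""
    changed, max_delta = channel_diff(reference, served)
    if not changed:
        return "identical"
    if set(changed) == {"A"} and max_delta["A"] <= subtle:
        return "alpha-only-subtle"   # looks the same, transparency altered
    return "visibly-different"

# Constructed 8x8 fully opaque banner.
REFERENCE = [((x * 30) % 256, (y * 30) % 256, 128, 255)
             for y in range(8) for x in range(8)]
# Same colours, alpha lowered by 0..15 per pixel (constructed pattern).
SERVED = [(r, g, b, a - ((i * 7) % 16))
          for i, (r, g, b, a) in enumerate(REFERENCE)]
# A genuinely different creative: blue channel changed.
OTHER = [(r, g, 200, a) for (r, g, b, a) in REFERENCE]

if __name__ == "__main__":
    for label, img in (("same", REFERENCE), ("served", SERVED), ("other", OTHER)):
        print(label, classify(REFERENCE, img))
```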
Stay on the Defensive
In the meantime, ensure that your antivirus product is up to date, and that commonly used programs like Flash are updated. Nothing is a complete guarantee, but these steps will provide you with a first line of defense.