Are Web Advertisements Infecting Your Computer?
- Comments: 24
- Written on: May 19th, 2010
ZDNet is reporting today that new research released by Dasient shows that as many as 1.3 million malicious ads are displayed to web surfers daily. The bad ads break down into two categories – 59% percent of them are drive-by downloads and 41% were fake-alert security software scams.
This new method of infecting PCs is called malvertising, and it is on the increase. Malicious attackers trick an ad network into running an ad that contains viruses or malware. The ad is then displayed on legitimate websites like Fox News, CNN, and others. Visitors get infected and if there is any blowback, it gets thrown at the website because most surfers don’t understand that its was the advertisement that nipped them
The research also indicated:
- The chances of getting infected from a malvertisement is 2x more likely on a weekend, and infected ads go undetected for up to 8 days on average
- 97% of Fortune 500 web sites are at a high risk of getting infected with malware through third party software providers like Java or Flash
- 69% of Fortune 500 companies use external Javascript and 64% of them are running outdated web applications
How Do The Bad Guys Trick Fortune 500 Companies?
The bad guys are posing as a legitimate company and tricking the advertising departments of legitimate media outlets to run the malvertisements. That is why they run the ads on the weekend when no one at the big companies is paying attention. For example, in September of 2009 the New Your Times got duped:
The creator of the malicious ads posed as Vonage, the Internet telephone company, and persuaded NYTimes.com to run ads that initially appeared as real ads for Vonage. At some point, possibly late Friday, the campaign switched to displaying the virus warnings. Because The Times thought the campaign came straight from Vonage, which has advertised on the site before, it allowed the advertiser to use an outside vendor that it had not vetted to actually deliver the ads, Ms. McNulty said. That allowed the switch to take place.
It Won’t Happen to Me, Right? WRONG
If you plan on keeping safe by avoiding weekend surfing, don’t get too comfortable.
In another report recently released by Google’s Security Team, they stated that the fake-alert malware infections are now making up 50 percent of all malware delivered via ads.
In this month’s issue, Consumer Reports ranked security software. The ONLY product that was able to protect your PC against malvertisements (malware infections) was Symantec’s Norton Internet Security and Norton 360 software.
NONE of the free security products protect your computer and MOST of the paid ones (including McAfee, Webroot, and Computer Associates) don’t get the job done either. Overall, Symantec was ranked above all others.
What are you doing to keep your computer safe? Have you been stung by one of these ads?
- If you liked this post, subscribe to my feed!
- Comments: 24