Just in time for the holidays, more malware, from your friends.
It's now been two years since we first published this report, and the problem persists, and has grown.
It's been about a year since we first published this report. Here is new information regarding the continuing Malvertising criminal initiative. The linked article to the right (click the image) details the anatomy of an exploit.
The Anatomy Of An Exploit
According to the article, subtle changes to image attributes allow exploits to hide within the HTML control elements of images, which, under certain unfortunate conditions, allows the exploit to launch itself onto an unsuspecting device.
The importance of keeping applications, such as certain susceptible video applications, up to date cannot be overemphasized.
Those little boxes the phone company or cable company give you to connect to the internet are the latest target of Malvertising agents. They contain the Domain Name pointers that direct your computers and other devices to the correct places on the internet. Once compromised these little boxes then direct your computers to fake websites that contain malicious code that further infects your systems.
It used to be that your computer was the target of malware attacks. Now all little boxes and embedded devices you may not even be aware of (your refrigerator or your TV set) are being targeted as a gateway to your entire home or office.
When you go to the carnival or the State Fair you know to be on the lookout for pickpockets. In the same manner when you shop online, especially during the holiday season, you know to be on the lookout for malicious software trying to pick your pocket as well. What you don't expect is for that malware to come from a friendly and trusted website. That should never ever happen, but increasingly, it does.
If you've spent any time on the internet lately you've seen all the advertising that pops up all over the place. With the help of firewalls, security software, malware filters, and ad blockers, most of it can be eliminated.
What about your favorite places? Your online magazines and newspapers, your favorite blogs, your friends' blogs that you love to visit, and social media: what about those? These are your trusted sites, and even though there is some advertising there, well, hey, that's how they make a buck and stay online. These are your go-to places when you're online.
Unfortunately the malware people, especially those hated ransom-ware f***ers, have figured out how to sneak into the most trusted ad networks and shove malware onto your unsuspecting internet device.
The articles linked in the left hand column are just a tiny sample of the articles covering the news related to malvertising.
Malvertising: It's not new, but it's growing rapidly and making some criminals very wealthy.
Even though malvertising has been around for about a decade, many internet-savvy individuals have never heard the term. Malvertising is becoming more common, more aggressive, more sophisticated, and more pervasive. As we enter the 2015 holiday shopping season expect an even more aggressive approach taken by the sleazy and slippery individuals who profit from this type of malware. If you're unfamiliar with the term malvertising, you soon will be, as the crime rings that perpetrate this garbage grow and multiply.
How much do these criminals make?
Imagine that your most trusty computer, the one your homework is on, the one all your pictures are on, the one your business proposal is on becomes suddenly useless because all that data has been locked away behind a wall of encryption. What is all that data worth? How much would you pay to get it all back? This is the scenario that many have suffered through due to a common type of malware known as ransom-ware. Many, many more than you would imagine, have had to pay the ransom to get their data back.
So how much have people paid these criminals to get their data back? Thousands? Millions? Try many hundreds of millions, rapidly approaching a $billion$. This isn't just a secret business run by a couple of stinky kids in their basement. This is big business. This business is so big and so lucrative that even some otherwise good people think "Hmmm. That's a lot of money. It sure would pay a lot of bills."
Are you safe if you don't click it?
In most cases you're safe if you just don't click on stuff, but not always. In emails and web pages most advertising is provided using an HTML hyperlink, and if you don't click it there is no harm done. A lot of other advertising, however, is provided using an HTML iframe, and these frames click themselves. An iframe automatically opens a frame in your browser and then loads in an additional webpage, and if that webpage is an attack page, it can load a malware payload onto your computer without you even knowing that it happened. JavaScript and some Flash videos automatically load and play without you authorizing them. If these programs are compromised, then suddenly, so are you.
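To see that difference on a real page, the following added example (not from the original article) parses a page's HTML and separates hyperlinks, which wait for a click, from iframes, scripts and plugin content that the browser fetches on its own, flagging third-party sources and iframes without a sandbox attribute. The sample page and all host names are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags whose URL the browser fetches on page load, with no click.
AUTO_LOAD = {"iframe": "src", "script": "src", "embed": "src", "object": "data"}

class AutoLoadAudit(HTMLParser):
    """Separate click-only hyperlinks from content that loads by itself."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.click_only = []   # <a href>: inert until the visitor clicks
        self.auto_loaded = []  # fetched as soon as the page renders

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.click_only.append(urljoin(self.page_url, attrs["href"]))
            return
        url_attr = AUTO_LOAD.get(tag)
        if url_attr is None or not attrs.get(url_attr):
            return
        url = urljoin(self.page_url, attrs[url_attr])
        self.auto_loaded.append({
            "tag": tag,
            "url": url,
            "third_party": urlparse(url).hostname != self.page_host,
            # Without the sandbox attribute the framed page may run scripts and plugins.
            "unsandboxed_iframe": tag == "iframe" and "sandbox" not in attrs,
        })

def audit(page_url, html):
    parser = AutoLoadAudit(page_url)
    parser.feed(html)
    return parser

# Constructed sample page; every host name here is a placeholder.
SAMPLE = """
<a href="https://shop.example/deal">Holiday deal</a>
<script src="/js/site.js"></script>
<iframe src="https://ads.example.net/slot?id=1"></iframe>
<iframe sandbox src="https://ads.example.net/slot?id=2"></iframe>
<object data="https://cdn.example.org/banner.swf"></object>
"""

if __name__ == "__main__":
    for item in audit("https://news.example.com/story", SAMPLE).auto_loaded:
        print(item)
```

Only URL-bearing tags are tracked here; inline scripts also run without a click but have no source URL to report.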
How does Malvertising work?
All of your favorite websites that use advertising to pay the bills spend a ton of time and money preparing the advertising that you see when you link to their website. This advertising is such a burden that most of them contract with a specialized advertising agency to prepare and display all the ad content. These agencies are known as ad networks, and almost every publisher uses them. In addition to their own advertising, publishing companies make a few extra coins by allowing third party advertisements to be included in their ad content. The third party advertising is vetted and verified by the ad network to be clean and trusted ad copy.
Although these ad agencies are, for the most part, dedicated and respectable and honest professionals, it's a lot of work vetting and building relationships with all their clients that want to place ads on websites, and that is where the criminal networks can sneak in. After all that vetting and verifying your eyes go blurry and sometimes you miss something.
When friendly-ware goes to the dark side.
Let's say a new client signs up with an ad agency and is vetted as a legitimate company. That's pretty easy to do because it's pretty easy to appear legitimate even if you have a nefarious plan in the works. After months of providing good ad copy and building a trusted relationship with the ad agency, suddenly, without warning, malware is injected into the ad copy. The unsuspecting ad agency then pushes this compromised ad copy onto their clients' servers, none the wiser that they have been duped into spreading malware. These things happen instantly with a few keystrokes and BOOM - malware payloads are dropping onto devices all over the planet.
There are also some cases where legitimate ad copy is hijacked along the way by robot software and malware is injected. There is no end to the methods that criminals can come up with to get their poop into your webpage. With $millions$ at stake criminals can hire a large staff of sophisticated programmers and create their poop on a large scale.
How to protect your computer, and your wallet, from malvertising.
There is no method that is 100% effective, especially if the malware is brand new and never seen before on the internet. There are, however, several things working in our favor. One is that most of this malware is not new and can be detected if all the appropriate checks are in place. Another thing in our favor is the plethora of organizations that scan the web in real time and can detect and identify new payloads shortly after they are launched. Once detected the malware signatures can be delivered to firewalls and malware filters and ad blockers in a matter of hours, or even minutes.
So, how can you protect yourself? First, set up a good firewall. Firewalls are built into most computer systems and start up automatically. Second, use a good malware filter such as Malwarebytes. Third, use a good virus scanner and run it periodically. ClamAV for Linux and ClamWin for Windows are free and quite effective. Last, but not least, use a good ad blocker in your browser. We recommend uBlock Origin as it is one of the most aggressive malware blockers and also can block much more than just advertisements.
We publish advertising, so why do we advocate using ad blockers?
We love our Internet visitors and as such protecting the health and safety of the ones we love is our prime directive. We work diligently to provide ad links that are unobtrusive, relevant, and valuable to our website visitors, and the majority of these are not blocked by ad blockers, even the most aggressive ones. In addition every page, every advertising link, every resource link, in fact everything any of our web pages link to is SCANNED FOR MALWARE CONTENT EACH AND EVERY DAY and if it comes up dirty we remove it.
We do not rely on ad agencies
We create our own ad links, our own graphics, and our own ad copy. We do not rely on ad agencies or other ad networks that can become compromised without warning and without our knowledge.
We can't guarantee that our scanners will catch everything, every time, but we do our best to provide a clean website and clean hyperlinks, and that is a lot more than most other ad publishers provide. We take pride in protecting the ones we love and will continue to do so, and continue to improve our process and procedures, always.