Advertising networks have two major assets that they can’t live without: their marketing strategy and the reliability of their brand. But all these are being threatened by the rise of malvertising networks, groups that spread malicious ads.
Oftentimes, the legitimate advertising networks lose their reputation to malvertisers, who now have learned to use bidding platforms in real time in order to put malicious ads on even harmless and legit sites to hit a targeted type of users or victims. After that, they quickly disappear like bubbles even before their traces are noticed and the compromise discovered.
Read also: How malvertising compromises ad networks
Malvertising networks, once they placed their ads on reputable sites, can use the tools employed by advertising networks to target the specific users or victims they wish to attack. The attack can be customized depending on several factors such as the operating systems used, browser through which the user surfs the web, location of the user and IP address.
The attackers, or malvertisers in this case, have also used a different technique in order to avoid detection. Normally, any malicious activity in the Internet that target a huge number of users, it will be stopped at once when discovered. But malvertisers are now beginning to narrow down their targets based on the factors mentioned above so that it would be hard for anyone to detect the attack.
This does not only affect the privacy and security of end users and companies, it most especially put a blemish on the reputation of advertising networks and the brands they are trying to promote. This happens when a misconception spreads that they are publishing malicious ads, when it is the malvertiser that’s responsible for it.
Also, these malvertising campaigns do not appear on a blacklist of malicious ads because they show up on legit websites, so their operations continue. Some malvertising campaigns even use Flash-based exploits to quickly embed code into a device.
Right now, the only practical means of stopping these malvertisements is by blocking their access to legit advertisement tools available in the market. Ad networks and companies alike can implement a vetting process in order to verify the buyer of an ad.
The goal is to confirm the identity of an organization that wants to purchase ads and get to know everything about them. That is so because it is always in the best interest of ad networks and companies that malicious ads are banished since the publishing industry relies heavily on ads.
