Malvertising is a ‘toddler’ now

No more dirty diapers, potty training is intact. Within a two-year time frame, malvertising has mastered crawling and is starting to walk.

Malvertising (in succinct terms) is defined as the use of online advertising to spread malware. My first experience with malvertising (malicious advertising) occurred on a Saturday in mid-September of 2009. While browsing the New York Times (NYT), a rogue antivirus pop-up appeared. I immediately hit ctrl-alt-del to pull up task manager and attempted to end Google Chrome processes. Though I knew not to click on any pop-ups, my browser was quickly and silently redirected to a malicious website anyway. I spent the better part of the evening cleaning that mess up. Alas, the entire NYT experience was equivalent to the antithesis of Calgon — take me away.

Malvertising damages the advertising ecosystem

Malicious ads can heap a huge pile of damage on the advertising ecosystem, businesses, and individuals. With each passing year, malvertising is gaining momentum. 2012 saw 10 billion malicious advertisements, with 42 percent of them delivered as drive-by executions that required no user interaction. In 2013, an estimated 12.4 billion malicious advertisements were served. This is a whopping increase of 225 percent between 2012 and 2013 (though some experts dispute the increase) and the miscreants are laughing all the way to the bank.

Dell SecureWorks

Last year, Craig D. Spiezle, Executive Director & Founder of the Online Trust Alliance, stated in written testimony before the Senate Judiciary Committee’s Subcommittee on Crime & Terrorism that cybercriminals have successfully inserted malicious ads on a range of sites including Google, Microsoft, Facebook, the Wall Street Journal, the New York Times, Expedia, Major League Baseball (MLB), and others.

How do they do it?

Cybercriminals create legitimate ads and may place a series of malware-free ads on a trusted (high-traffic) site that supports third-party ads. These ads can remain malware-free for several months, while frequent users of these trusted and reputable websites are led to believe that the ad links are safe. Later on, the cybercriminals inject malicious code into the trusted ad in order to compromise the intended target(s). Attackers benefit from using high-profile websites like Amazon, The Huffington Post, Yahoo, and YouTube because they know that these sites will not be blacklisted by security vendors.

They also use:

  • Advanced ad-targeting
  • Drive-by-downloads
  • Fake ad agencies
  • Hacked ad servers
  • Legitimate ads
  • Malicious Flash banners
  • Real-time ad bidding
  • Third-party ads
  • Weekend attacks

Sites in the top 100 of the Alexa top 500 list are frequently targeted by cybercriminal malvertisers because malicious ads placed there can infect a large population of victims.
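Because an ad can stay clean for months before malicious code is injected, a one-time approval scan is not enough; served creatives need to be compared against what was approved. The sketch below is an added example, not code from any ad platform: the function names, the sample markup and the example hosts are all constructed for illustration.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags and the attribute through which each loads or links to remote content.
ACTIVE_ATTRS = {"script": "src", "iframe": "src", "embed": "src",
                "object": "data", "a": "href", "img": "src"}

class _HostCollector(HTMLParser):
    """Collect remote hosts referenced by a creative and count inline scripts."""
    def __init__(self):
        super().__init__()
        self.hosts = set()
        self.inline_scripts = 0

    def handle_starttag(self, tag, attrs):
        url = dict(attrs).get(ACTIVE_ATTRS.get(tag, ""))
        if url:
            host = urlparse(url).hostname
            if host:
                self.hosts.add(host.lower())
        elif tag == "script":
            self.inline_scripts += 1

def profile(markup):
    """Reduce creative markup to a fingerprint that can be compared over time."""
    collector = _HostCollector()
    collector.feed(markup)
    return {"sha256": hashlib.sha256(markup.encode()).hexdigest(),
            "hosts": collector.hosts,
            "inline_scripts": collector.inline_scripts}

def audit(approved_markup, served_markup):
    """Return the reasons a served creative should be pulled for re-review."""
    base, now = profile(approved_markup), profile(served_markup)
    findings = []
    if base["sha256"] != now["sha256"]:
        findings.append("content changed since approval")
    new_hosts = sorted(now["hosts"] - base["hosts"])
    if new_hosts:
        findings.append("new remote hosts: " + ", ".join(new_hosts))
    if now["inline_scripts"] > base["inline_scripts"]:
        findings.append("inline script added")
    return findings

# Constructed samples: the creative as approved, and as served months later.
APPROVED = '<a href="https://shop.example/sale"><img src="https://cdn.example/banner.png"></a>'
SERVED = APPROVED + '<script src="https://static.example.net/t.js"></script>'
```

Running `audit` on every re-fetch of a live creative, including over weekends when review staff are away, surfaces the point at which a previously clean ad starts pulling content from a host that was never approved.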

Real-Time Ad Bidding

Though real-time bidding (RTB) has been in existence since 2009, it’s now slowly evolving from infancy into the early toddler stage. In technical terms, RTB is the buying and selling of ad impressions in real time at an online auction or ad exchange.

Web advertisements are sold to the highest bidder on online exchanges by buyers who can specify who the ad is shown to by IP address range, region, industry vertical or even just by specific corporations…That has proved advantageous for cybercriminals, who are signing with ad brokers to participate in real-time ad bidding. — Jeremy Kirk | COMPUTERWORLD

Cybercriminals are beginning to realize the benefits of high-speed advertisement placement (RTB).



The era of spear phishing and the waterhole attack, which uses social engineering, has come to an end. Hackers are now moving their tricky brains towards targeted Malvertising — a type of attack that uses online advertising to spread malware… this type of attacks mainly focused on US defense companies, but they will spread to all financial and government sectors soon. Real time bidding plays a vital role in this attack. This technique has the ability to micro target ad delivery based on versions of Flash, OS, Java and browser. As per the latest analysis, researchers concluded that this type of attack is much more difficult to patch than a zero day vulnerability. —Infosec Institute


Want to learn more about how to protect yourself from malvertising? Here are some additional resources to help.

Malicious Ads & Content Response & Remediation Guide: Guidelines to effectively prepare and respond to malvertising-related incidents

Dell Protected Workspace to fend off malware: Data Protection security offering for business PCs.

Proofpoint Malvertising Protection: A malware protection solution.

[Tom’s Guide] Malvertising Is Here: How to Protect Yourself 

[Dark Reading] The Truth About Malvertising

[Trustico] Top Five Tips For Protecting Your Business & Your Customers Online 

You might find it interesting to note that Google has a patent for protecting end users from malware using an advertising virtual machine.


This post was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. To learn more about tech news and analysis visit TechPageOne. Dell sponsored this article, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies.




