The issue of malvertising has reared its head again this week and businesses should be clear on what third parties provide and how secure their systems are.
The London Stock Exchange experienced such problems at the beginning of the week, with click-through adverts leading to rogue anti-virus downloads. Also hit were the websites of Auto Trader and cinema site Myvue.com. In both cases the malicious ads were tailored to respond to user activity, with several masked redirects before installing the rogue anti-virus.
In these cases the websites themselves were not compromised, but users were led to exploit sites by adverts hosted by third-party advert provider Unanimis. It said that on the evening of Sunday 27th February it had received alerts that malware had been detected affecting some advertisements it was running, and also outside the network.
It said: “The affected advertisements on our network were removed within three hours and all sites continued to operate normally. Unanimis take the threat of malware and viruses very seriously. We recognise as a source of inventory we are always potential targets for this type of attack.
“Procedures exist to ensure all campaigns are safe and suitable before they go live. In this case no fault in those procedures has been identified. This issue was the result of unauthorised access to our systems. We are continuing at this time to work with our ad serving partner to uncover the method of access and will continue to act on any new information which comes to light.”
Alan Bentley, SVP international at Lumension, said that embedding malware in pop-up advertisements is becoming common practice and is a hacker's best friend because there is no need to entice computer users to click on anything, improving the chance of infecting users with malware.
He said: “The onus is on the organisation hosting the website to keep it clean by ensuring that the latest security holes are plugged. Organisations concerned about their employees downloading malware in the process of visiting popular business sites need to consider turning their security protocols on their head. Preventing only what is known to be bad from entering the network is no longer sufficient. Only by allowing the known-good to execute can organisations ensure that undetected malware cannot run.”
Tim Keanini, CTO of nCircle, said he believed that events such as these could fundamentally change the online advertising industry. “The online advertising industry should be scared to death because a few more incidents like this could destroy or fundamentally alter their business. The premise of user trust in ad content is already very low. A few more high profile incidents on financial services sites could do significant damage to all online ad networks,” he said.
Neil McLachlan, security services manager at Onyx Group, said: “It is likely to grow as a problem for both consumers and businesses as those behind the attacks get more sophisticated and successful.
“In terms of preventative measures that businesses can put in place to protect themselves from becoming victims of malvertising: there are specialist services, some of which are fairly new, which identify ‘criminal’ sites, and if you subscribe to the service then they can send you alerts if your PCs visit any identified criminal site. In addition to this, they recommend patches for vulnerabilities that the attackers are exploiting in order to infect the customer's machine.”