Simply browsing your favorite website is putting your computer at risk, thanks to the increase in malicious ads – and the problem is only getting worse. In fact, security intelligence firm RiskIQ says up to 15,000 tainted ads have appeared online in May alone, rising tenfold over the previous year.
The “malvertisements,” as they’re being called, work in a “drive-by download” manner, meaning once clicked, software is automatically installed without user consent. A fake security warning is then triggered, followed by a deceptive antivirus “protection” offer which holds computers hostage until the user pays for the false protection.
Because the process of sneaking ads into distribution channels has become so streamlined, over a billion tainted ad impressions have appeared on the internet’s top 500 websites, likely infecting millions of PCs worldwide.
Those include major sites such as weather.com, foxsports.com, monster.com and usnews.com, just to name a few, said Elias Manousos, CEO of RiskIQ.
Even SpeedTest.net, a popular website that measures broadband connection speeds, was hit by the infectious ads. The company, which uses the OpenX ad-handling program, was able to address the problem quickly, but others who employ the same system may not be as well equipped, leaving tens of thousands of sites vulnerable to the ads.
Malvertisements are a popular and extremely effective mechanism that takes advantage of weaknesses within Web browsers, says Vincent Liu, managing partner of security consultancy Stach & Liu. The average home computer user faces a high risk of being attacked by malvertisements.
The news isn’t just bad for consumers; it’s bad for the websites, too. Consumers who have fallen victim to the ads have been quick to bad-mouth the sites they believed caused the fake antivirus protection.
Website security firm Armorize said it has documented a number of complaints that have gone viral on places like Twitter, leading to a drop in site traffic.
Publishers are seeing their traffic and transactions drop in real time, said Matt Huang, chief operating officer of Armorize.
What’s more disconcerting is that hackers creating the ads are selling tutorials, tool kits and malicious ad placement services online, meaning the problem isn’t slowing down. The Online Publishers Association, an industry group of major website publishers, hasn’t gone beyond merely acknowledging the problem. Still, awareness is growing among key stakeholders like Yahoo, Microsoft and Google, which will hopefully lead to a reduced number of malvertisements sneaking onto popular sites.
How can consumers protect themselves? Make sure your antivirus and web browsing software are up to date – extensions like NoScript and AdBlock are recommended. Consumers also need to ensure copies of popular applications like Adobe Flash and Adobe PDF are current.
Consumers will be doing a lot of online shopping over the next few months, making it the perfect time for the tainted ads to strike. Most of all, practice vigilance: even on popular sites you wouldn’t think contain a corrupted ad, tread with caution.