Malvertising attack techniques dissected
“Bypassing ad network defences provides the perfect opportunity for attackers to target millions of users, so it is no coincidence that there has been an uptick in the number of malvertisements,” said Rahul Kashyap, chief security architect, Bromium. “The scale of this problem is as large as the Internet itself.”
In the past six months, the percentage of malicious pages detected on YouTube has decreased overall, even as more Trojans have been created, which suggests attackers have improved at obfuscating malicious content.
Bromium notes that a key feature of ad networks is the ability to target certain audiences, such as users of a specific browser or operating system. Similar functionality is usually implemented in exploit kits, which provide cyber criminals with automation to test and selectively deploy malware on vulnerable machines. Malvertising is not targeting ads; it is targeting victims.
The research concludes that the scale of Web advertising is too great to realistically review all rich media for malware, and detection-based solutions can be easily circumvented or result in unacceptable rates of false alarms. However, isolating the content with micro-virtualization or blocking it may greatly mitigate the threat.