- Comments: 24
- Written on: May 19th, 2010
ZDNet is reporting today that new research released by Dasient shows that as many as 1.3 million malicious ads are displayed to web surfers daily. The bad ads break down into two categories – 59% of them were drive-by downloads and 41% were fake-alert security software scams.
This new method of infecting PCs is called malvertising, and it is on the increase. Malicious attackers trick an ad network into running an ad that contains viruses or malware. The ad is then displayed on legitimate websites like Fox News, CNN, and others. Visitors get infected, and if there is any blowback, it gets thrown at the website because most surfers don’t understand that it was the advertisement that nipped them.
The research also indicated:
- Getting infected from a malvertisement is 2x more likely on a weekend, and infected ads go undetected for up to 8 days on average
- 97% of Fortune 500 web sites are at a high risk of getting infected with malware through third-party software providers like Java or Flash
How Do The Bad Guys Trick Fortune 500 Companies?
The bad guys pose as a legitimate company and trick the advertising departments of legitimate media outlets into running the malvertisements. That is why they run the ads on the weekend, when no one at the big companies is paying attention. For example, in September of 2009 the New York Times got duped:
The creator of the malicious ads posed as Vonage, the Internet telephone company, and persuaded NYTimes.com to run ads that initially appeared as real ads for Vonage. At some point, possibly late Friday, the campaign switched to displaying the virus warnings. Because The Times thought the campaign came straight from Vonage, which has advertised on the site before, it allowed the advertiser to use an outside vendor that it had not vetted to actually deliver the ads, Ms. McNulty said. That allowed the switch to take place.
It Won’t Happen to Me, Right? WRONG
If you plan on keeping safe by avoiding weekend surfing, don’t get too comfortable.
Another report recently released by Google’s Security Team stated that fake-alert malware infections now make up 50 percent of all malware delivered via ads.
In this month’s issue, Consumer Reports ranked security software. The ONLY product that was able to protect your PC against malvertisements (malware infections) was Symantec’s Norton Internet Security and Norton 360 software.
NONE of the free security products protect your computer and MOST of the paid ones (including McAfee, Webroot, and Computer Associates) don’t get the job done either. Overall, Symantec was ranked above all others.
What are you doing to keep your computer safe? Have you been stung by one of these ads?
- Comments: 1
- Written on: January 11th, 2009
I first met Joel Comm on the set of The Next Internet Millionaire, and I have to confess, I knew nothing about him. He was just some guy with a funny little goatee (we nicknamed it “The Comm” on the set).
Joel inspires me because he is the true essence of an entrepreneur. He is always looking for opportunity and is always finding it in the cleverest places.
- Comments: 4
- Written on: December 24th, 2008
12seconds was a great idea with future promise; it just isn’t doing it for me and I don’t think it’s going to catch on. For every Twitter there are a lot of failures, and 12seconds is unfortunately one of the failures of 2008.
- Comments: 11
- Written on: March 1st, 2008
With that said, this tool technically is capable of spamming forums. If you are a white-hat and are put off by such things, then use the tools included to locate high-value threads, create accounts, and then manually visit the threads through the software’s interface and post real comments individually. Either way, this tool saves you a TON of time and typing.
- Comments: 7
- Written on: March 1st, 2008
When I installed the software, I was amazed by the number of tools that were available. I *might* not even be able to really play with them all in 10 days. I was also relieved that these were actual TOOLS – that means that in the hands of someone who is willing to WORK these are powerful software packages. No get rich quick stuff here.