Advertising networks are delivery mechanisms for malware

The Register published an article on how advertising networks used by major and popular sites are (yet once more) being hijacked by malware peddlers. IvyDNS eliminates this attack vector.

It’s just another reason to no longer treat advertising as ‘harmless’ or ‘a minor nuisance’: allowing content from unknown third parties to be downloaded to and executed on your devices is a major security risk that can lead to compromised devices and can include identity theft.

A two-year long, highly sophisticated malvertising campaign infected visitors to some of the most popular news sites in the UK, Australia, and Canada including Channel 9, Sky News, and MSN.

Readers of those news sites, just a portion of all affected (since it also affected eBay’s UK portal), were infected with modular trojans capable of harvesting account and email credentials, stealing keystrokes, capturing web cam footage, and opening backdoors.

The news sites are not at direct fault as they displayed the advertising; the ad networks and the underlying structure of high-pace and low-profit margins is what lets malvertising get its huge impact.

Read the full article here.