Online Advertisements: A New Way of Spreading Malware

Why should cybercrooks have to work so hard to attack computer users when they can simply use online advertisements to spread malware?

In recent findings by security experts, it was discovered that a rogue ad was popping up on the New York Times website. The advert attempted to warn computer users of a virus and redirects them to a site that pretends to scan and fix the system. Not only does this sound familiar, but it is basically the same type of malicious tactics used by hackers to make computer users believe they must pay for something that they do not need.

How does a reputable website display malicious advertisements?

Large and popular sites are usually prime targets for hackers to exploit through ad networks where they are able to infect them with computer worms. Usually this is done through compromising an ad network or sneaking malicious code onto a website so the when a user visits the site that displays ads from the attacked ad network, they are bombarded with fake adverts that usually redirect them to a rogue or phishing web page. A new method used is when a hacker is able to spoof the email addresses of a popular website and then obtain references for their credit card to run a new ad. Little does the ad network know, the email used for setting up a new advert is from a scammer and is intentionally going to display a rogue advertisement.

Hackers seek to attack popular sites, and this includes news networks such as the NY Times web site. Since many large news networks are trusted sources, computer users do not think twice when they get a malicious advert or popup on their screen.

Rogue advertisements are nothing brand new. It is possible that rogue advertisements will be a growing epidemic among other computer parasites spreading over the internet. According to Graham Cluley, a rogue ad can be designed to download malware, log keystrokes or launch attacks on other computers. It is an easy way for an attacker to steal a person's identity, sell fake security applications or even compromise computers for the intent to have them conduct malicious actions online.

Have you ever witnessed what appeared to be a rogue advertisement on a popular website? Did you click on the ad?