Fighting the Scourge of Malvertising

Some 1.3 million malicious online ads are viewed every day, even on high-profile sites such as the New York Times and TechCrunch. This so-called malvertising–pop-up fake antivirus ads and seemingly standard ads that have malicious software code embedded in them in an attempt to steal data such as passwords or credit-card numbers–is often very difficult for Web publishers and ad networks, let alone consumers, to detect. Indeed, because these ads must be found manually, usually thanks to a user complaint, the average life of a malvertisement before it’s detected and taken down is more than seven days, according to the Web anti-malware service Dasient. That’s more than long enough to infect thousands of computers.

Including my wife’s PC a few months ago. That infection took more than a week to eradicate, and even then, the PC was never the same and she was forced to reinstall just about everything on it. So I have a personal interest in Dasient’s newest service, introduced this morning: what it claims is the first automated anti-malvertising service. It’s an addition, using some of the same technologies, to the 18-month-old startup’s anti-drive-by malware service. Some background from Dasient’s release:

Malicious advertising, also referred to as “malvertising,” is a relatively new attack vector for cyber criminals that is quickly on the rise. With malvertising, fake malicious ads are delivered (often via advertising networks) to well-known websites as a way to reach millions of users at once on websites they normally trust. Unlike typical spam or virus attacks, which rely on victims to click on a link in an email or accidentally download an infected program, malvertising attacks are presented on popular websites and can download malicious code directly onto a user’s computer when the victim views the compromised ad. By infiltrating an entire ad network, the criminal gains access to a broad number of syndicated websites that can spread malicious code even further.

Dasient cofounders Ameet Ranadive and Neil Daswani told me that the reason malvertising is on the rise is twofold. For one, ad networks are becoming more efficient at syndicating ads to and from each other, instantaneously, so malvertisements can spread fast. For another, advertisers increasingly are hosting their own ads, and they often don’t have the technical expertise or staff to handle bad ads–which is why you’re twice as likely to get served a bad ad on a weekend, when the creators know IT staffing is light.

Although malvertising is hardly a secret, most efforts to prevent it have focused on education and prevention. Dasient works with ad networks and publishers to analyze each ad in real time, detect changes that may mean a bad ad has been substituted for a regular one, and provide forensic trails to trace the source of the ads.

Dasient, which was founded by former Googlers Daswani and Shariq Rizvi and former McKinsey consultant Ranadive in October 2008, has raised about $2 million from investors including former Verisign CEO Stratton Sclavos, Twitter investor Mike Maples Jr. of Maples Investments, and former 3Com CEO Eric Benhamou, now CEO of Benhamou Global Ventures.

About these ads

One Response

  1. My company Canned Banners attacks this problem at its source: the ad creative. Our service allows advertisers to create their own Flash banner ads. When advertisers use our service to create banner ads, we can send the banner ad files directly to the publisher. Since all our code is completely standardized (and needless to say, malware-free), the risk of malicious code somehow being introduced into the ad is virtually zero.

What do you think?

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 87 other followers

%d bloggers like this: