Geek magazine hacker daily blog

2 years, 11 months ago
Malvertising

For the last several weeks, the well-known Forbes.com portal has not allowed readers to view its content if an ad blocker is enabled on the user's side. A reader who visited Forbes.com with AdBlock or uBlock was asked to disable the blocker; otherwise there was simply no way to read the portal's content. Other ways in are hard to find, since even Google does not cache the portal's data correctly.

But the problem is not advertising, and not ad blockers. As it turned out, once the user switched off the ad blocker, they were immediately offered malware disguised as a normal program. This was discovered by information security specialist Brian Baskin, who took a screenshot of such a case.

Forbes forced readers to disable ad blockers, and then advertised malware

Malicious advertising has existed for years, but the software that ran on the Forbes.com website is something unusual. Incidentally, the "species diversity" of such software grows from year to year. From 2014 to 2015 the level of online infection of user PCs increased by a full 325%. There are several methods that attackers use to appear harmless:

  • Loading the malware several days after the ad has been approved;
  • Targeting only every 10th or 20th user who sees the ad;
  • Using SSL redirects in the malware chain;
  • Recording the user's data.


Something like this happens quite often. Forbes is not to blame for it: companies of this scale often sign agreements with advertising networks that deliver advertising content to the reader, and the ads shown are whatever the advertiser wants. There are several methods by which attackers can get "malvertising" into an advertising network or into a website that displays advertising content.

And in 2015 many compromised websites began to improve their security systems, which makes it very difficult to determine the source or the consequences of an attack.

What happened to Forbes cannot be called a unique event. Similar problems were also observed at The New York Times, The Huffington Post and other publishers. But Forbes tried to stop ad blocking on its site, even to the detriment of citizens' safety.

Incidentally, websites that depend directly on advertising can survive even if 60-80% use an ad blocker.

Forbes can now be considered the first website that decided to ask readers to turn off ad blocking and then began distributing malware. Most likely, similar situations will recur, and not only with Forbes but with other websites as well.

Incidentally, according to statistics, fewer than 1%, as a rule, respond to a request to switch off the ad blocker.

This article is a translation of the original post at geektimes.ru/post/268944/