Google, Yahoo, and Fox Ad Networks Unknowingly Spread Malware-Ridden Ads
Big ad delivery companies such as Yahoo, Google and Fox are being exploited to spread malware.
Malware exploited via ad networks is nothing new. Together, many of these large ad delivery companies make up for over 50% of all ads found over the internet. Hackers know this and it is one reason they target such networks so they can spread their malware through online ads.
A large amount of malware spread through online adverts are found to be parasites that exploit holes or vulnerabilities within popular applications such as Adobe Reader or even Microsoft's Internet Explorer web browser.
In the past, it was discovered that hackers were targeting smaller ad networks to spread malware as they could manipulate the system or their customer service so that they could sneak in their ads without any road blocks. Now the ad servers connected with the big dogs such as Yahoo and Google have been infected to serve up bad adverts.
Even though we witnessed fraudulent ads on sites such as NYTimes.com, a hacker inserting a malicious ad via a large ad network such as Google or Yahoo could reach unsuspecting computer users on a much larger scale. Because online advertisements are a major source of income for many websites, having them populated with malware could have serious repercussions in a given site's administration not getting paid.
Below in Figure 1 is a chart from Avast demonstrating the number of hits of distributed malware via large ad networks.
Figure 1. (credit: Avast) Yahoo and Fox Networks have the highest counts of distributed malware
The impact that newer malware-laden online ads could have on computer users is massive due to them being more advanced. Computer users that land on a web page that happens to have a malicious advertisement do not need to actually click on the advertisement to become infected, it happens when the ad is loaded by the browser. This new sophisticated malware ad uses JavaScript code which is basically a Trojan horse that can automatically load. This type of malware had started to appear since December 2009 and is expected to have reached millions of computer users.
Have you ever experienced a malicious advertisement on a web site? Did it install malware on your computer?