The term "malvertising" has come to be a household name in the scope of the many actions that hackers and cybercrooks conduct only to grant themselves of a substantial payday at the expense of unknowing computer users. Malvertising, in a nutshell, is an act of an entity posing as a legitimate publisher on an advertising network to deliver web surfers advertisements that are malicious in some form. As it turns out, recent sophisticated malvertising schemes are starting to have a negative impact on the Internet economy at many different levels, according to researchers at Check Point.
As we know it, the Internet and its nearly infinite content is mostly made possible by the funding from advertisement revenue. Without it, many websites would cease to exist. Advertising networks, bit and small, are at the forefront of keeping the Internet economy humming along and without many of them, the Internet would not be the world-of-knowledge hub that it is today. Commonly, advertising networks act as a middleman to broker deals between website publishers and sites that offer advertising space. Many times, the winning bid of a particular advertiser will be considered to deliver inventory to smaller advertisers, which is part of the multi-level economic model that malvertising is hitting hard.
Large Ad Networks Are A Primary Target for Malvertising
One of the largest ad networks, AdsTerra, has had malicious campaigns linked to it that date back as far as 2016, which were traced to a malvertising expert who goes by the Internet handle of Master134. Check Point researchers found that Master134 has been posing as a legitimate website publisher on the AdsTerra ad network where many of his malicious ads were being served throughout upwards of 10,000 WordPress sites. The WordPress sites targeted by Master134 were ones running an outdated version of the content management software, which exposed a vulnerability that could be exploited.
The AdsTerra platform was leveraged in a way by Master134 to artificially boost traffic where many of the ads served on the attacked sites redirected users to pages that Master134 sold through AdsTerra. The dangerous part about the redirects is that most victims were redirected to pages to download malware that distributed ransomware, banking trojans, and even bots. Such instances of spreading the most aggressive forms of malware in existence have trickled down to cause a downward spiral of certain aspects of the Internet economy. Just think, these 10,000 or more websites were serving advertisements that didn't generate any money from the common pay-per-click (CPC) or pay-per-number of impressions (CPM) campaigns. Instead, the advertisements served from Master134 unknowingly through the AdsTerra network were nothing but gateways to malware.
Traffic Fraud Leads to Poor Economic Factors On The Internet
What is often referred to as traffic fraud, is an act that is a growing problem on the Internet where traffic on the web is not accounted for in a proper fashion and advertisements are not paid or delivered to generate monetized traffic. There is a severe lack of transparency that has left digital ads unchecked in many forms throughout the Internet. In turn, traffic fraud has been a lucrative prospect for hackers and cybercrooks, where they virtually make off with billions of dollars furthering the enticement of such practices.
Interestingly enough, the end-user in all of the sophisticated malvertising schemes are none the wiser in knowing when they have been served ads from a malvertising campaign. It is not until the end-user is delivered malware intentionally that it becomes an issue for most end-users. Otherwise, being served a bogus ad or one that causes a misleading redirect will instead affect web publishers and those associated with a victimized company's website.
Preventing and stopping the multiple layers of malvertising schemes is left in the hands of virtually all digital entities and their partners, which includes advertising networks placing checks and balances in the right places to capture potential malicious activity. Unfortunately, due to the vastness of the Internet and the insurmountable amount of advertisements served on a daily basis, monitoring advertisement content isn't an easy feat. However, in knowing what to look in for, such as in cases of the recent AdsTerra network getting hit with malicious ads, researchers and digital partners can make strides to combat traffic fraud and keep the Internet economy from going in the slumps.