Security experts have called for Internet companies to do more to tackle the growing threat of "malvertising", the practice of placing fake adverts on a website to convince visitors to download malware, according to the Guardian.
Earlier this month, the New York Times website displayed such an advert, which claimed to have found a virus on the visitor's computer, before persuading them to go to a website to download the malware under the guise of "anti-virus" software. According to the New York Times, the advertiser was thought to be a legitimate company and indeed displayed legit adverts for a week, before externally changing it to a malware advert over the weekend.
"This is a growing problem," said Graham Clulely, a consultant with Sophos. "Hackers are making more and more use of ad networks to distribute their attacks to users visiting legitimate well-known sites."
"These are not random attacks. When they infect third party ad networks they may not know precisely which website will end up displaying their ads - but, frankly, they don't care about that. The important thing for them is that they get eyeballs."
Google executive Eric Davis, who is in charge of Google's anti-malvertising team, believes that greater cooperation with Internet providers is needed to tackle the issue.
"The internet service providers are in the best position to detect infected machines," said Mr Davis, talking at the Virus Bulletin conference in Geneva yesterday. "They already have monitoring systems that could be used to identify signs of malware and botnet activity."
Microsoft however, are taking a more direct approach, with the software-giant filing a series of lawsuits against suspected malvertisers.
Microsoft associate general counsel Tim Cranton said, "Although we don't yet know the names of the specific individuals behind these acts, we are filing three cases to help uncover the people responsible and prevent them from continuing their exploits."
15 Comments - Add comment