Malicious Code in Online Advertising

A follow-up study conducted by Finjan’s MCRC has shed additional light on the growing presence of malicious code in online advertising. As websites depend more on advertising revenues, they often display ads from third party advertising networks, over which they may have little or no control.

While legitimate website owners trust advertisers to display non-malicious content, advertisers sometimes “sublet” their space to others. This hierarchy can often comprise several layers, seriously compromising the level of control the website owner has over advertising content.

The report includes a detailed analysis of an innocent blog site that deploys keyword-based advertisements that are placed automatically from an ad server.

However, Finjan found that the ad content also included obfuscated references to malicious code on a third site that uses multiple infection techniques to download a Trojan keylogger to the user’s machine.

Another recent example of this trend was a banner ad hiding code with the ANI exploit that was unknowingly being hosted on one of the most popular techie websites.

“As commercially-motivated hackers look for ways to reach the widest possible audience in the shortest possible time, advertising has become a prime target for malicious code,” stated Ben-Itzhak. “By targeting high-volume websites which are generally considered “trusted” by most URL filtering products, hackers can achieve higher infection rates and earn more money.”