back to article How a massive campaign of booby-trapped web ads went undetected for too long

Security firm Malwarebytes has published a comprehensive analysis of a recently detected malvertising attack that affected many ad networks and ran uninterrupted for almost three weeks. The tainted ad-slinging scheme affected large and small ad networks alike. What appeared to be legitimate advertisements were used to mask …

  1. DanielN

    An e-commerce website allowed random unvetted files to be loaded on its pages? How could they have been so stupid in the first place?

    1. SecretSonOfHG

      Yes, they do. It is called web advertising.

    2. Gene Cash Silver badge

      My bank, for example emits ad cookies from .ru and .cn AFTER I log in.

      That gives me the really warm fuzzies.

  2. Steven Raith

    So what we're really saying is that if the code for the active parts of adverts hasn't been checked, audited and sanitised, then no-one gets to put up an advertisement more complicated than an animated GIF? No fancy animations, no JS, no pop-ups, no pop-unders. Just a flat image, or an animated image running at no more than 3fps.

    As that should really be how it is. Simple as that.

    Steven R

    1. SecretSonOfHG

      I agree, it should be as simple as that. However, try to convince marketing folks that their custom built and very expensive product ads in the shape of a carefully crafted Flash animation have exactly the same effectiveness as a static image. Their careers are too invested to even stop and analysing what they are doing.

      As (I believe it was) Henry Ford said, 90% of all advertising is useless. The problem is that there is no way to know which part of the whole is the useful 10%

  3. Keef

    Stop Thief!

    Shirley you must allow ads or you are a thief.

    1. Mark 85 Silver badge

      Re: Stop Thief!

      Quick.. send this to Ken!!!! Adblock and HOSTS stays put on my household machines.

    2. PJF

      Re: Stop Thief!

      And I removed the "DO NOT REMOVE" tag on my newly purchased mattress. Who ya gonna call? the mattress police!!

    3. Vic

      Re: Stop Thief!

      you are a thief

      Absolutely. These malware-flingers have paid for those domains, and all that software. So by blocking the Angler exploit, you're not just interfering with pixels, you're interfering with business.


  4. This post has been deleted by its author

  5. heyrick Silver badge
  6. paulf

    Dear Internet Ad industry

    This is why I run ABP on all my machines.

    If you want to compare me to a Thief for using ABP, then I compare you to a Newsagent that sends someone round to drain all the fuel out of my car when I buy a paper.


    Long term ABP user

    PS - Sort out your Malvertising delivery networks (along with less intrusive ads and an end to the stalker like creepy tracking that facilitates delivery of said Malvertising) and I may consider white listing sites

  7. Adam Inistrator

    liability falls to the website surely

    they are getting paid for the advertising therefore I can see legal minds placing liability on the hosting web site. I can also envisage that disclaimers might be held invalid and web site owners having to insure themselves against liability

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022