Forgot your password?
Botnet Security Advertising

Ad Networks Lay Path To Million-Strong Browser Botnet 105

Posted by Soulskill
from the your-computer-is-broadcasting-an-ip-address dept.
jfruh writes "Every day, millions of computers run unvetted, sketchy code in the form of the JavaScript that ad networks send to publishers. Usually, that code just puts an advertiser's banner ad on a web page. But since ad networks and publishers almost never check the code for malicious properties, it can become an attack vector as well. A recent presentation at the Black Hat conference showed how ad networks could be used as unwitting middlemen to create huge, cheap botnets."
This discussion has been archived. No new comments can be posted.

Ad Networks Lay Path To Million-Strong Browser Botnet

Comments Filter:
  • Yep, that. (Score:5, Informative)

    by intellitech (1912116) on Wednesday July 31, 2013 @12:16AM (#44431457)

    Ghostery [] and Adblock [] FTW.

  • Like hell they do (Score:5, Informative)

    by WD (96061) on Wednesday July 31, 2013 @12:50AM (#44431633)

    If you care about security, you're running NoScript. And they do not run.

  • The author is lying (Score:4, Informative)

    by SpicyBrownMustard (1105799) on Wednesday July 31, 2013 @01:22AM (#44431785)

    I've worked with several ad networks, on a number of issues, and can say with absolute confidence that the author has no concept of how the technology actually works, which results in an outright lie in his thread-starter.

    The JavaScript code originates with the ad delivery platform (DoubleClick, OpenX, 24/7, etc.), sometimes outsourced to the ad networks -- DoubleClick is a white label delivery platform for many ad networks. The JavaScript is tightly controlled and constantly subject to real-time auditing by several providers such as The Media Trust. The advertisers simply provide the assets -- the banner creative -- that is delivered by the ad network, optimization systems, and ad delivery platforms.

    Currently, yes, it all sucks and is why we have had blockers, but is also the only option to monetize free content -- for now.

How many QA engineers does it take to screw in a lightbulb? 3: 1 to screw it in and 2 to say "I told you so" when it doesn't work.