Forgot your password?
typodupeerror
Advertising Security

Malvertising Up By Over 200% 174

Posted by samzenpus
from the protect-ya-neck dept.
An anonymous reader writes "Online Trust Alliance (OTA) Executive Director and President Craig Spiezle testified before the U.S. Senate's Homeland Security and Governmental Affairs Permanent Subcommittee on Investigations, outlining the risks of malicious advertising, and possible solutions to stem the rising tide. According to OTA research, malvertising increased by over 200% in 2013 to over 209,000 incidents, generating over 12.4 billion malicious ad impressions. The threats are significant, warns the Seattle-based non-profit—with the majority of malicious ads infecting users' computers via 'drive by downloads,' which occur when a user innocently visits a web site, with no interaction or clicking required."
This discussion has been archived. No new comments can be posted.

Malvertising Up By Over 200%

Comments Filter:
  • by metrix007 (200091) on Sunday May 18, 2014 @12:51PM (#47032387)

    The others being performance and functionality related. I don't like ad's due to the security risk, and they can slow down my machine and make it very fucking hard to see the article.

    If your site has harmless ad's, that is one thing.

    On the other hand, if your site can only survive by being paid for with ads, you need a new business model.

  • by Threni (635302) on Sunday May 18, 2014 @01:07PM (#47032477)

    > On the other hand, if your site can only survive by being paid for with ads, you need
    > a new business model.

    Like Slashdot, you mean? Or is this site supported by the Bandwidth Pixies?

  • by Scutter (18425) on Sunday May 18, 2014 @01:17PM (#47032547) Journal

    It's useful, I don't know if it's convenient. Most sites won't even load anymore if you have Javascript turned off.

  • by slashmydots (2189826) on Sunday May 18, 2014 @01:36PM (#47032643)
    They're talking about 2 different things. Malware advertising is "your PC had errors. Click here to fix it" and it download some registry nagware bullshit. Drive by downloads are not ads at all. It's an exploit kit and it's what happens when the ad blocks get hacked. It's not like someone supplied exploit code to Google's advertising program. The article is talking about 2 completely different things.
  • Too many resellers (Score:5, Insightful)

    by Animats (122034) on Sunday May 18, 2014 @02:44PM (#47033001) Homepage

    Too many web sites which run ads are buying them through a chain of multiple resellers. Under current law, the web site running the ad can usually disclaim responsibility for hostile ads. That may change. The article is about testimony before the U.S. Senate's committee on homeland security. [senate.gov]

    The site that displays the ads should be held responsible. Sites which run ads would then need to protect themselves by legal and technical means. For example, if you run ads on your site, your contract with the advertising provider should provide that they will indemify and defend you should a bad ad get through.

  • by sjames (1099) on Sunday May 18, 2014 @04:05PM (#47033381) Homepage

    I'm not sure that the site owners are necessarily where the liability should fall, but it certainly need not be restricted to whoever paid for the ad. For example, if I accept $100 to "go put this box under that car", I will likely face some consequences if I can't articulate a good reason I didn't think it was a bomb.

    The ad companies have some duty not to publish malware. Now that it's common enough to have news articles written about it, they can no longer pretend that it's not something they might expect to happen.

    It's a bit disturbing that they haven't taken steps on their own since it provides a very good reason why people should block ads.

  • by CodeBuster (516420) on Sunday May 18, 2014 @04:12PM (#47033417)
    This is yet one more example illustrating precisely why ad blocking is necessary. The bloggers and others who make their living in the content business howl with righteous indignation at those of us who use these tools, but I submit that their anger is misdirected. On the contrary, it's the advertising networks who rightly deserve their wrath for allowing their business to become a cesspool of infectious viruses, worms and frankly worthless crap. Indeed, it seems that their motto is, "our advertising services are the right thing for anyone with a credit card, no questions asked." So I ask you, why should visiting your site without ad and script blocking enabled be akin to walking into the darkest corner of the bathhouse, bending over and letting everyone have their way with nary a condom nor a reach around in sight?
  • by dcollins117 (1267462) on Sunday May 18, 2014 @08:08PM (#47034757)

    No, he's implying ad servers need to start acting like a responsible industry. They pollute the web with malware and make a lot of sites unreadable with adblocking, owing to the moving, flashing and sometimes audible garbage that cover some sites.

    Google demonstrated all that is really needed are text-only ads.That's the correct ad model, IMHO. No distracting flash, no vectors for malware, and they only take a small amount of screen space. Everything else is Doing It Wrong. Again, just my opinion, but as it turns out I'm always right :P

(1) Never draw what you can copy. (2) Never copy what you can trace. (3) Never trace what you can cut out and paste down.

Working...