Of all web-based attacks, malicious advertisements or malvertisements are the fastest growing and the most difficult to identify. Nowadays, ads are used by all websites to monetise and can be seen on every webpage, which makes them a very soft target for malware authors.
These advertisements can range from 'free games or music players' to 'improving the speed of PCs/laptop' to 'online casinos' which require you to download and install a component on your PC.
It is not uncommon for websites to have around 20 different domains from which the content is pulled to make up one single web page that a user views.
Compounding the problem is the fact that a single malicious advertisement may only appear once every 1,000 page views or only to viewers from a certain geographic region, thus making it more challenging to detect and eradicate.
"It is one of the most common and cheap ways of spreading malware, second only to spam emails," explained Amuleek Bijral, country manager, India & SAARC, RSA, The Security Division of EMC.
Functions in this scripting language can be misused to redirect the user to a malicious page. As a result, although the host website is itself clean, the ad may redirect the user to a malicious page hosting web attacks.
It might open a backdoor in the user's computer and take out personal information or act as a sleeper-cell that can be used by the malware author as and when required.
No comments:
Post a Comment