Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Malvertising Spikes in Q4 2010, Average Campaign Lifetime Declines

According to recent statistics coming from Dasient, a firm that helps discover and combat Web-based malware, “malvertising,” a growing method used to distribute malware via advertising tags served through an unsuspecting publisher’s Web site, saw a significant spike in Q4 2010. Dasient estimated that in the last quarter of 2010 there was a 25% increase in malvertising [ad] impressions based on the same set of networks the company monitored in Q3.

According to recent statistics coming from Dasient, a firm that helps discover and combat Web-based malware, “malvertising,” a growing method used to distribute malware via advertising tags served through an unsuspecting publisher’s Web site, saw a significant spike in Q4 2010. Dasient estimated that in the last quarter of 2010 there was a 25% increase in malvertising [ad] impressions based on the same set of networks the company monitored in Q3.

According to estimates from Dasient’s Q4 Malware Update, 1.1 Million Web sites were infected with malware in Q4 2010. There is a silver lining, however, as Dasient statistics revealed the average lifetime of a malvertising campaign dropped for the second consecutive quarter in a row — down to an average of 9.8 days, as compared to 11.1 days in Q3, and 11.8 in Q2. Cybercriminals, prefer to conduct their malvertisng attacks on weekends, a time when ad trafficking and IT departments tend to be slower to identify and respond to the attacks, a trend that appears to be consistent for obvious reasons.

Other Key Figures from the Dasient’s Q4 Malware Update:

• The top attacker domain was ipq. co, which is a free DNS forwarding service. In a effort to hide and reduce the cost of executing their attacks, cybercriminals are abusing DNS forwarding services, such as ipq.co.

• After three months of Web browsing, the probability that an average Internet user will hit an infected page is approximately 95%.

• Most Web malware attacks use a relatively small group of common exploits, as shown below, based on a study of the most commonly used exploit kit

• Most social media networks are prone to being used as distribution platforms for malware. Dasient conducted experiments across various social networking sites, and found that infections can occur relatively easily through them via user-generated-content (UGC) interactions and advertisements.

A recent incident with the London Stock Exchange Web Site serving ads from an ad network that had been serving malvertising ads and thus flagged by google as malicious, shows the damage that can be done to a brand as a result. While the London Stock Exchange didn’t technically serve malware, it was serving ads from servers that were, which caused it to be flagged as a threat to most users attempting to visit the site.

Advertisement. Scroll to continue reading.

“Financial Web sites are just as, and in some cases more likely, to use ads and ad-related resources as per a study we issued mid-last year on structural vulnerabilities. Forty-two percent (42%) of financially-oriented web sites use ads and ad-related resources, sometimes as an additional revenue stream and sometimes to manage “house” ads,” Dasient co-founder and CTO Neil Daswani told SecurityWeek. “Financial institutions have to protect themselves from malvertising in addition to other forms of web malware, to an extent even more so than other types of sites. When a financial institution’s web sites gets flagged by search engines and browsers, and users start seeing “red-screens-of-death,” it can result in a loss of trust and consumer confidence, in addition to brand damage.”

More insights from Dasient’s Q4 Malware update can be found here.

Related Reading: Malware Rising – Attacks Increasing Through Malicious Online Advertising

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.

Cyberwarfare

An engineer recruited by intelligence services reportedly used a water pump to deliver Stuxnet, which reportedly cost $1-2 billion to develop.

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.