Technology giants with large ad networks need to do more to protect consumers from hackers infiltrating their advertising networks to deliver malicious adverts – or even point users to sites that serve malware, the U.S. Senate has warned.
Technology giants such as Yahoo and Google need to do more to protect consumers from hackers infiltrating their advertising networks to deliver malicious adverts – or even point users to sites that serve malware, the U.S. Senate has warned, according to CNBC’s report.
The Senate Permanent Subcomittee on Investigations said that punishments needed to be targeted not merely at hackers, but also at advertising networks that failed to prevent them taking advantage of their online promotions.
“Consumers can incur malware attacks [through online ads] without having taken any action other than visiting a mainstream website,” the subcommittee said, according to PC World’s report.
The subcommittee referred to two incidents in which Yahoo and Google’s advertising networks were used to deliver malicious adverts, according to Network World’s report. The report said that some advertising networks scanned for malicious advertising, but “malvertisers” scanned for this and refrained from serving ads when in danger of detection, according to Network World.
“We successfully block the vast majority of malicious or deceptive advertisements with which bad actors attack our network, and we always strive to defeat those who would compromise our customers’ security,” a representative from Yahoo said, according to Phys.org.
The panel said that Yahoo or Google were not singled out as vulnerable – and that the industry as a whole was vulnerable to attacks.
The use of malware to misdirect users means that the economics of such scams can be quite complex – with ESET’s Joan Calvet analyzing the techniques by which the Win32/Boaxxe BE malware family drive traffic to the “wrong” advertising networks in a post here.
“Boaxxe.BE, is an impressive malware family with numerous sub modules, which takes lots of precautions to stay stealthy,” says Calvet, “For example, it won’t redirect users to ads when the user clicks on common websites (Wikipedia, Facebook…), or the maintenance of its own DNS cache in order to avoid relying on the too-noisy Windows cache.”