SlideShare ist ein Scribd-Unternehmen logo

The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats

- Mark - Fullbright
- Mark - Fullbright

company names mentioned herein are for identification and educational purposes only and are the property of, and may be trademarks of, their respective owners.

BildungTechnologieDesign
1 von 18
Downloaden Sie, um offline zu lesen
WHITEPAPER The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats
The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats Table of Contents ABSTRACT:............................................................................................................................................................... 3 1. MALVERTISING AND FRIENDS: THE DISSECTION ............................................................................................ 4 2. INTERNAL STRUCTURE: CATEGORIES............................................................................................................... 6 3. COUNTRIES OF ORIGIN..................................................................................................................................... 14 CONCLUSIONS ..................................................................................................................................................... 15 AUTHORS: Bianca Stanescu – Bitdefender Communication Specialist Ionut Radu – Bitdefender Online Threats Developer Cornel Radu – Bitdefender Online Threats Developer [2]
The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats ABSTRACT: Reputable companies are not the only clients of advertising platforms. Scammers are doing their best to tap more of the commercial market. Almost 10 billion ad impressions were compromised by malvertising in 2012, according to the Online Trust Alliance. 1 Millions of users worldwide are exposed to malware, spam, phishing or fraud (scams), and even the most tech-savvy users can become victims. Over 100 advertising networks are serving compromised display advertising, and malvertising incidents increased by more than 250% from Q1 2010 to Q2 2010, the OTA showed. At the same time, more than one million sites carry advertising from over 300 ad networks and exchanges, according to the IAB. If we compare figures, this means that one in three ad networks may be serving malvertising. 2 Because such attack vectors are likely to develop in the future, a Bitdefender team decided to investigate the anatomy of malvertising and other e-threats injected in legitimate ad networks: fraud, spam and phishing. We first explained the dissection process, then focused on the internal structure and web categories of the baits injected by scammers into legitimate advertisements. The results confirm that business and computer and software landing pages are even more lucrative than pornography. The research also retrieved the countries where the scammy domains were registered. Some actually belong to those countries, while others are just misplacements that cyber-criminals use to avoid detection and law enforcement. After drawing an alarm signal on the evolving phenomenon of malvertising, the document also offers some guidelines to help users and advertisers avoid these e-threats. By knowing more about the anatomy of malvertising, companies, security experts and users can better fight these emerging security threats. The main findings of the paper are based on the Bitdefender technologies that instantly block phishing and fraud attempts after extracting and analyzing dangerous URLs in real time. In 2013, the security software won an Advanced+ award from AV-Comparatives and, in 2012, was proven the best in the industry at detecting phishing attempts after testing by the same independent analysis firm. The antivirus leader blocks 98% percent of phishing attempts that target users of PayPal, eBay, numerous online banks, social networks, online gaming sites, credit card data and more. [3]
The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats 1. MALVERTISING AND FRIENDS: THE DISSECTION Malicious advertising, or malvertising, allows cyber-criminals to spread malicious files through online publicity. In September 2009, New York Times readers were redirected to a site hosting malware because of an injected ad. One year later, TweetMeme (which closed its doors in 2012) also suffered a scareware attack because of malvertising. These popular examples show that malvertising has become one of the most dangerous e-threats, as it can easily spread across a large number of legitimate websites without compromising them directly. Moreover, silent malvertising allows scammers to infect users with no clicking or direct interaction. To extend the definition, spamvertising, fraudvertising, and phishvertising are used to spread spam, fraudulent, and phishing URLs through legitimate online advertising networks and webpages. By visiting websites affected by malvertising and other scams, users risk infection. According to the Online Trust Alliance , cyber-criminals have two main methods to exploit advertising. 3 “An increasing trend has been to create a fictitious identity and ‘front’ purporting to be a legitimate advertiser or advertising agency,” the OTA said. “They provide upfront payment and often approach unsuspecting partners with the urgency of a breaking ad campaign. They simply provide the ad creative which appear legitimate on the surface.” The second and more “traditional approach” is to breach a vulnerable server to obtain credentials and then compromise legitimate ads to stay undetected. According to our research, these are the most common methods used by cyber-criminals to place malicious code through advertisements: • Pop-up ads for fictive downloads, such as computer and software (fake movie players, toolbars, plugins and media converters); • Hidden and obfuscated JavaScript code; • Malicious banners; • Third-party advertisements through sublet ad networks and Content Delivery Networks; • Using iframes to embed malware and to avoid detection. These fairly new phenomena are harder to combat because cyber-criminals take advantage of two key features of Internet advertising: · Dynamism: online advertising is a versatile medium that allows scammers to stay undetected, as web page content changes regularly. This open system relies on multiple parties, including advertisers, ad networks, ad exchanges, ad services and site publishers, so cyber-criminals can obscure their trail. · Externalization: companies pay ad networks to distribute ads on their websites without knowing their content and purpose. This allows cyber-criminals to pose as legitimate clients. Some fraudulent commercials also appear because big ad networks sublet some advertorial space to third-parties, usually smaller platforms. In this process, the smaller networks end up placing malicious ads on reputable web sites. Our dissection on malvertising and other e-threats ran between 23 July and 24 August 2013, when the research team randomly selected over 70,000 ads served on nearly 150,000 web sites on the greyer area of the Internet. To select the ads, we scanned search engines for over 50 relevant search terms such as download cracks, lose weight now, earn money at home, free movies, free music, games, and torrents, that regular users look for. Because ads are chameleon-like, changing regularly, we also retested the web pages for new commercials to increase our data base. Out of the total number of ads, 41,400 advertisements led to the same number of landing pages with non-identical URLs. Some were composed of the same domain and path, but with different [4]
The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats parameters. These parameters help ad networks retrieve information on user behavior, such as the web site that initially brought users to click on the ad. To analyze the malware, fraud, spam and phishing prevalence, we had to put the domains under the magnifying glass. We discovered that only 15,037 unique domains were hosting the 41,400 landing pages, which means that malvertisers and “friends” place the same baits on different web sites for increased efficiency. We designed a script to open the URLs with a browser emulator that simulated user behavior by clicking on the ads and retrieving the landing pages automatically. We have also retained the redirection chain, as most ads redirect users to two or three other web sites, which register them as visitors to bring extra revenue to the publishers. According to our data, the bad ads usually have more redirects than good or neutral ads. We analyzed the initial page (client page), from the first URLs where they were redirecting to the final landing page. After we concatenated the landing pages and applied an MD5 algorithm, we obtained the unique list of signatures. We scanned them with the Bitdefender engines to check if they are blacklisted. Almost 7 per cent of the landing pages analyzed was misleading, infecting users with malware or targeting them with fraud, spam and phishing. The neutral ads represented 46%, a percentage point less than the good ones. 4 Figure 1: Distribution of good, bad and neutral ads After checking the reasons for blacklisting by the Bitdefender engines, we discovered most dangerous landing pages that were advertised on multiple web sites were fraudulent URLs luring readers with fake software, business and financial offers. After this dominant category, spam (14.89%) and malware (14.52%) also target advertising platforms, followed by phishing, which helps scammers gain money or personal data by mimicking web sites of legitimate companies. With only 4 per cent prevalence, phishing is spread less through advertising networks because users are more securitysavvy than before. In 2012, an analysis on malicious Facebook domains published by The Virus Bulletin also showed that phishing is less distributed on the social network. The research on over 20,000 domains revealed that cyber-criminals prefer more effective weapons, such as malware (54%) and fraud (34%), followed by spam (11%) and phishing (1%), as a last variant. 5 Some analyzed landing pages belong to several categories. The most common combination cybercriminals abuse is phishing with a “sense” of malware. In this way, if they don’t get users’ money and personal data through the phishing attack, they install malicious files on the system for similar or worse repercussions. Because of potential and future security threats, Bitdefender also classified over 9 per cent of the analyzed web pages as untrusted. [5]
The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats Figure 2: Different types of advertising security threats and their distribution 2. INTERNAL STRUCTURE: CATEGORIES To determine the internal structure of malvertising and other e-threats, and to distinguish the relationships of its components, we retrieved the web categories of dangerous landing pages. Our research shows that malvertisers make more money out of computer & software, business and health categories, than out of pornography. Figure 3: Most dangerous web categories promoted via malvertising and other e-threats Similar research this year also showed that online advertising is more likely to spread malware than porn is. According to Cisco’s 2013 Annual Security Report , online advertisements are the riskiest of all: 182 times more likely to infect users with malware than searching the Internet for adult content. The report also revealed that the highest concentration of online security threats is found not among pornography, pharmaceutical, or gambling sites, but on major search engines, retail pages, and social networks. 6 7 [6]
The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats The landing web pages were assigned to one of 19 categories, based either on the category of the domain or on the content of that specific web page. For instance, a personal blog hosted on a blogging platform will be categorized as a blog, but it could also be categorized as a gambling page, based on its content. These categories are based on the background scanning of Bitdefender technologies, which overcame the limits of standard blacklisting, by classifying domains into 43 categories. That allows the webfiltering module to develop intelligent and human-independent filtering techniques that provide more accurate ratings and work faster. Non-profitable web categories that scammers don’t usually promote through malvertising include advice (forums), blogs, drugs, education, hacking, and hate websites. This last niche category covers websites that encourage violence or racism. Usually blocked by parental control software, this category includes websites that promote religious or sex discrimination, violence, xenophobic content, and terrorism. Here are the most lucrative web categories promoted through malware, spam, fraud and phishing placed on legitimate ad networks, with recent screenshots and a short description for each of them. 1. Business: 20.73% This dominant malvertising category covers websites that promote private businesses (corporate websites). The results made it the most popular web category because fraudsters create sites that pose as legitimate businesses and target users with fake offers, usually at very low prices. Unlike phishing web sites created by breaching vulnerable web sites or domains, fraud is better crafted and has web pages registered for longer period of times. Because they can easily be mistaken for authentic companies, it takes longer before they are taken down, so their uptime is higher than that of phishing attacks . 8 Examples of fraudvertising include fake offers for online garage sales, web hosting or satellite services. 2. Computers and software: 20.29% This category covers websites that provide computer information, software or internetrelated services. Malvertising in this category included a fake Disney website that promoted sexually explicit cartoons. Other dangerous ads led users to fictive downloading for SEO plugins, video convertors and cursors. [7]
The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats 3. Gambling: 12.84% This category covers online casino or lottery websites, which usually require money transfer before users can gamble. Dangerous landing pages found on ad networks trick users into sending their money and personal data with no chance to win. “Gambling” web pages also include “beating tips and cheats” web sites, which describe how to make money this way. 4. Health: 12.7% The fourth popular malvertising category typically covers websites associated with medical institutions, disease prevention and treatment, and websites that promote weight loss and pharmaceutical products, diets, etc. Malicious ads in this category offer miraculous tricks for “a tiny belly,” fraudulent detox medication and weight loss advice presented in the form of news. 5. News: 9.97% This category covers news websites that provide journalistic text, video content or newsletter services. It includes both global and local news websites. Our research showed that one in 10 dangerous landing pages were offering content presented as news. Typical fraudvertising cases include fake newsletter offers and weight-loss tips presented by a medical news “reporter.” [8]
The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats 6. File Sharing: 5.54% This category includes web pages that allow users to share or store files online. Some dubious websites promoted through advertising are used for fraud, identity theft or malware infections, after luring users with fictitious software downloads. 7. Pornography: 5% This category typically covers websites containing erotic and pornographic content (text, pictures or video). For accurate blacklisting, it may also detect erotic content on mixed websites classified in multiple categories. 8. Games: 4.78% This category covers websites with game presentations, reviews, and online games such as Flash-based applications. It also includes websites that offer the possibility of buying or downloading non-browser based games. Nonlegitimate game websites promoted through malvertising lead users to fake downloads and fraudulent surveys. [9]
The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats 9. Illegal: 2.5% This category covers websites related to software piracy, including peer-to-peer and tracker websites known as distribution channels for copyright content, pirated commercial software websites and discussion boards, as well as websites providing cracks, key generators and serial numbers for illegal software use. Illegal websites promoted through advertisements may lead users to malicious downloads and fraudulent URLs. 10. Job Search: 2% This category covers websites presenting job boards, job-related classified ads and career opportunities, as well as aggregators of such services. In the case of malvertising and other e-threats, the most common traps are job scams that ask users for money and personal details so they can follow their “American dream.” [10]
The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats 11. Online Shop: 1.76% This category includes online stores and platforms that sell different goods or services. The typical threat infiltrating legitimate ad networks is once again fraud - scammers put up fake shops, register them on reputable TLDs such as “.com” and even design them better than some authentic ones. Poorly crafted online shops may also be breached by phishers, who can then steal users’ money and sensitive data. 12. Online Dating: 0.74% This category typically covers paid or free websites where users register to find a dating partner or a new relationship. An extension of the social networks category, online dating is typically misused to steal users’ personal details and to help social engineers craft human data bases. [11]
The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats 13. Financial (Banks): 0.73% This category covers the websites of all banks and financial institutions, including loan companies, credit card agencies, and companies in charge of brokerage of securities or other financial contracts. One recent scam promoted through malvertising was a fake loan web site that got almost 200,000 Facebook likes. 14. Travel: 0.25% This category covers websites that offer travel facilities and equipment as well as destination reviews and ratings. Anti-fraud technologies blacklist fake websites in this category if they discover they were registered to trick users with fraudulent offers. Recently, a Dubai promotion web site was being advertised through malicious techniques. [12]
The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats 15. Portals 0.19% This category covers websites that aggregate information from various sources and domains. Portals also offer features such as search engines, e-mail, news and entertainment information. Here’s how a recent malvertised portal looked: 16. Instant Messaging: 0.08% This category covers websites where users can chat in real time or download IM software. Such websites may be included in several other categories, such as pornography. [13]
The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats 17. Webmail (0.06%), Entertainment (0.04%), Social Networks (0.04%) These three less popular malvertising categories cover websites that provide e-mail functionality as web applications, websites that provide information related to artistic activities, and social media websites. 3. COUNTRIES OF ORIGIN Research on ad networks also showed the top countries of origin for malvertising web sites. Most malvertising and other e-threats originate from the US, the Netherlands and Canada. This doesn’t necessarily mean that cyber-criminals are residents of those countries, as they can easily register web sites in any place they want to hide from law enforcement. We also discovered malicious web sites registered in remote islands. Figure 3: Countries of origin for Malvertising and other e-threats GUIDELINES To lessen the chances of getting tricked by malicious and fraudulent advertisements, users and ad networks can take several precautions: Before activating commercials on their web sites, companies and ad networks should carefully check their origin and legitimacy. To verify if a website is authentic, users and companies can look for WhoIS information to see if the web page is hosted in the country where the company is based. Most fraudulent web sites are registered for just a year, and this can also be a sign. Also, if a website was created from a private e-mail address such as contact@privacyprotect.org or john@yahoo.com, it’s almost certainly a scam. To prevent malvertising effects, keep your antivirus updated, together with your operating system and other software. Dangerous websites inserted in advertising platforms can’t download malicious files if a security solution is installed and up to date. [14]
The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats CONCLUSIONS Research showed that almost 7 per cent of landing pages multiplying on advertising platforms pose serious dangers to computer users. The most dominant malicious category of all malvertising e-threats is fraud, which takes the form of fake software offers, business and financial scams. In addition, users are targeted by malware injected in legitimate ads, which helps cyber-criminals stay undetected longer. By using their baits on multiple advertising platforms, scammers also multiply their chances of making money with minimal effort. Another pertinent conclusion is that the highest concentration of online security threats promoted through advertising are found not among pornography and online dating, but on business and computer websites. In conclusion, users and other stakeholders should be more careful when dealing with online advertisements. If the inner structure of the system continues to be this open, with so many parties involved and without firm security scanning, cyber-criminals will take advantage more often of companies, advertising platforms and end-users. [15]
The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats REFERENCES: DAMIAN, Alin, Understanding the domains involved in malicious activity on Facebook, Copyright © 2012 Virus Bulletin, http://www.virusbtn.com/virusbulletin/archive/2012/06/vb201206-Facebook, June 2012 DIMA, Bianca, DAMIAN, Alin, “Phishing and fraud: the make-believe industry”, Copyright © 2013 Virus Bulletin, http://www.virusbtn.com/virusbulletin/archive/2012/06/vb201206-Facebook, April 2012, Cisco 2013 Annual Security Report (ASR), https://grs.cisco.com/grsx/cust/grsCustomerSurvey. html?SurveyCode=6653&KeyCode=000204094 MLOT, Stephanie, “Online Advertising More Likely to Spread Malware than Porn”, February 1, 2013, http://www.pcmag.com/article2/0,2817,2415009,00.asp. Online Trust Alliance, “Anti-Malvertising Resources”, 29-07-2012 https://otalliance.org/resources/ malvertising.html Online Trust Alliance, Voluntary Anti-Malvertising Guidelines & Best Practices Helping to Combat Malvertising and Preserve Trust in Interactive Advertising, https://otalliance.org/docs/OTA_guidlines_ final10_18.pdf5-5. (Endnotes) 1 Online Trust Alliance (2012-07-29), “Anti-Malvertising Resources”. Retrieved 2013-25-5. https://otalliance.org/resources/malvertising.html 2 Voluntary Anti-Malvertising Guidelines & Best Practices Helping to Combat Malvertising and Preserve Trust in Interactive Advertising, https://otalliance.org/docs/OTA_guidlines_final10_18.pdf, Retrieved 2013-25-5. 3 idem 4 The web sites were considered neutral because there wasn’t sufficient data to classify them otherwise, as they only had a few visitors and no user ratings. 5 DAMIAN, Alin, Understanding the domains involved in malicious activity on Facebook, Copyright © 2012 Virus Bulletin, http://www.virusbtn.com/virusbulletin/archive/2012/06/vb201206-Facebook, June 2012, Retrieved 2013-29-09. 6 Cisco 2013 Annual Security Report (ASR), Retrieved 2013-29-09. https://grs.cisco.com/grsx/cust/grsCustomerSurvey.html?SurveyCode=6653&KeyCode=000204094 7 Stephanie Mlot February 1, 2013, Online Advertising More Likely to Spread Malware Than Porn http://www.pcmag.com/article2/0,2817,2415009,00.asp, Retrieved 2013-29-09. 8 DIMA, Bianca, DAMIAN, Alin, “Phishing and fraud: the make-believe industry”, Copyright © 2013 Virus Bulletin, http://www.virusbtn.com/virusbulletin/archive/2012/06/vb201206-Facebook, April 2012, Retrieved 2013-29-09. http://www.virusbtn.com/virusbulletin/archive/2013/04/vb201304-phishing-fraud [16]
The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats [17]
All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners. About Bitdefender Bitdefender is a global company that delivers security technology in more than 200 countries through a network of value-added alliances, distributors and reseller partners. Since 2001, Bitdefender has consistently produced award-winning security technology, for businesses and consumers, and is one of the top security providers in virtualization and cloud technologies. Through R&D, alliances and partnership teams, Bitdefender has created the highest standards of security excellence in both its number-one-ranked technology and its strategic alliances with some of the world’s leading virtualization and cloud technology providers. All Rights Reserved. © 2014 Bitdefender. All trademarks, trade names, and products referenced herein are property of their respective owners. FOR MORE INFORMATION VISIT: ENTERPRISE.BITDEFENDER.COM

Empfohlen

ComplianceBrief
ComplianceBriefComplianceBrief
ComplianceBriefDaryl McNutt
 
Field Guide for Validating Premium Ad Inventory
Field Guide for Validating Premium Ad InventoryField Guide for Validating Premium Ad Inventory
Field Guide for Validating Premium Ad InventoryDistil Networks
 
Kaspersky lab financial_cyberthreats_in_2017
Kaspersky lab financial_cyberthreats_in_2017Kaspersky lab financial_cyberthreats_in_2017
Kaspersky lab financial_cyberthreats_in_2017malvvv
 
Revenue sources-for-copyright-infringing-sites-in-eu-march-2015
Revenue sources-for-copyright-infringing-sites-in-eu-march-2015Revenue sources-for-copyright-infringing-sites-in-eu-march-2015
Revenue sources-for-copyright-infringing-sites-in-eu-march-2015Raffaella Natale
 
Digital ad fraud superheroes the good guys by augustine fou
Digital ad fraud superheroes the good guys by augustine fouDigital ad fraud superheroes the good guys by augustine fou
Digital ad fraud superheroes the good guys by augustine fouDr. Augustine Fou - Independent Ad Fraud Researcher
 
2016 Bad Bot Report: Quantifying the Risk and Economic Impact of Bad Bots
2016 Bad Bot Report: Quantifying the Risk and Economic Impact of Bad Bots2016 Bad Bot Report: Quantifying the Risk and Economic Impact of Bad Bots
2016 Bad Bot Report: Quantifying the Risk and Economic Impact of Bad BotsDistil Networks
 
Driving Payment Innovation - Know Your Enemy
Driving Payment Innovation - Know Your EnemyDriving Payment Innovation - Know Your Enemy
Driving Payment Innovation - Know Your EnemyFirst Atlantic Commerce
 
The Evolution of Phising Attacks
The Evolution of Phising AttacksThe Evolution of Phising Attacks
The Evolution of Phising AttacksBee_Ware
 

Empfohlen

ComplianceBrief
ComplianceBriefComplianceBrief
ComplianceBriefDaryl McNutt
 
Field Guide for Validating Premium Ad Inventory
Field Guide for Validating Premium Ad InventoryField Guide for Validating Premium Ad Inventory
Field Guide for Validating Premium Ad InventoryDistil Networks
 
Kaspersky lab financial_cyberthreats_in_2017
Kaspersky lab financial_cyberthreats_in_2017Kaspersky lab financial_cyberthreats_in_2017
Kaspersky lab financial_cyberthreats_in_2017malvvv
 
Revenue sources-for-copyright-infringing-sites-in-eu-march-2015
Revenue sources-for-copyright-infringing-sites-in-eu-march-2015Revenue sources-for-copyright-infringing-sites-in-eu-march-2015
Revenue sources-for-copyright-infringing-sites-in-eu-march-2015Raffaella Natale
 
Digital ad fraud superheroes the good guys by augustine fou
Digital ad fraud superheroes the good guys by augustine fouDigital ad fraud superheroes the good guys by augustine fou
Digital ad fraud superheroes the good guys by augustine fouDr. Augustine Fou - Independent Ad Fraud Researcher
 
2016 Bad Bot Report: Quantifying the Risk and Economic Impact of Bad Bots
2016 Bad Bot Report: Quantifying the Risk and Economic Impact of Bad Bots2016 Bad Bot Report: Quantifying the Risk and Economic Impact of Bad Bots
2016 Bad Bot Report: Quantifying the Risk and Economic Impact of Bad BotsDistil Networks
 
Driving Payment Innovation - Know Your Enemy
Driving Payment Innovation - Know Your EnemyDriving Payment Innovation - Know Your Enemy
Driving Payment Innovation - Know Your EnemyFirst Atlantic Commerce
 
The Evolution of Phising Attacks
The Evolution of Phising AttacksThe Evolution of Phising Attacks
The Evolution of Phising AttacksBee_Ware
 
Internet Threats and Risk Mitigation
Internet Threats and Risk MitigationInternet Threats and Risk Mitigation
Internet Threats and Risk MitigationBrandProtect
 
Better Metrics, Less Hacks: Online Travel and The Future of Web Security
Better Metrics, Less Hacks: Online Travel and The Future of Web SecurityBetter Metrics, Less Hacks: Online Travel and The Future of Web Security
Better Metrics, Less Hacks: Online Travel and The Future of Web SecurityDistil Networks
 
Field Guide To Preventing Competitor Price Scraping, Unwanted Transactions, B...
Field Guide To Preventing Competitor Price Scraping, Unwanted Transactions, B...Field Guide To Preventing Competitor Price Scraping, Unwanted Transactions, B...
Field Guide To Preventing Competitor Price Scraping, Unwanted Transactions, B...Distil Networks
 
Weak Links: Cyber Attacks in the News & How to Protect Your Assets
Weak Links: Cyber Attacks in the News & How to Protect Your AssetsWeak Links: Cyber Attacks in the News & How to Protect Your Assets
Weak Links: Cyber Attacks in the News & How to Protect Your AssetsOilPriceInformationService
 
IAB Best Practices Traffic Fraud Final
IAB Best Practices Traffic Fraud FinalIAB Best Practices Traffic Fraud Final
IAB Best Practices Traffic Fraud FinalDr. Augustine Fou - Independent Ad Fraud Researcher
 
Exploring And Investigating New Dimensions In Phishing
Exploring And Investigating New Dimensions In PhishingExploring And Investigating New Dimensions In Phishing
Exploring And Investigating New Dimensions In PhishingMuhammad Haroon CISM PCI QSA ISMS LA CPTS CEH
 
Phishing website method
Phishing website methodPhishing website method
Phishing website methodarelyf_7
 
Chapter 12: Computer Mediated Communicationcmc
Chapter 12: Computer Mediated CommunicationcmcChapter 12: Computer Mediated Communicationcmc
Chapter 12: Computer Mediated CommunicationcmcRay Brannon
 
2014 Cybercrime Roundup: The Year of the POS Breach
2014 Cybercrime Roundup: The Year of the POS Breach2014 Cybercrime Roundup: The Year of the POS Breach
2014 Cybercrime Roundup: The Year of the POS BreachEMC
 
IC3 2019 Internet Crime Report
IC3 2019 Internet Crime ReportIC3 2019 Internet Crime Report
IC3 2019 Internet Crime Report- Mark - Fullbright
 
Phishing attack types and mitigation strategies
Phishing attack types and mitigation strategiesPhishing attack types and mitigation strategies
Phishing attack types and mitigation strategiesSarim Khawaja
 
A Review on Antiphishing Framework
A Review on Antiphishing FrameworkA Review on Antiphishing Framework
A Review on Antiphishing FrameworkIJAEMSJORNAL
 
Distil Networks 2017 Bad Bot Report: 6 High Risk Lessons for Website Defenders
Distil Networks 2017 Bad Bot Report: 6 High Risk Lessons for Website DefendersDistil Networks 2017 Bad Bot Report: 6 High Risk Lessons for Website Defenders
Distil Networks 2017 Bad Bot Report: 6 High Risk Lessons for Website DefendersDistil Networks
 
Ias guide ad fraud essentials_2017 (1)
Ias guide ad fraud essentials_2017 (1)Ias guide ad fraud essentials_2017 (1)
Ias guide ad fraud essentials_2017 (1)Wossname
 
a-decade-of-phishing-wp-11-2016
a-decade-of-phishing-wp-11-2016a-decade-of-phishing-wp-11-2016
a-decade-of-phishing-wp-11-2016Eli Marcus
 
state-of-the-human-internet-report
state-of-the-human-internet-reportstate-of-the-human-internet-report
state-of-the-human-internet-reportMorgan Princing
 
Click Fraud and the Downfall of Google
Click Fraud and the Downfall of GoogleClick Fraud and the Downfall of Google
Click Fraud and the Downfall of GoogleTwinVasion
 
Significant factors for Detecting Redirection Spam
Significant factors for Detecting Redirection SpamSignificant factors for Detecting Redirection Spam
Significant factors for Detecting Redirection Spamijtsrd
 
Major 3rd-Party Data Breaches Of 2018
Major 3rd-Party Data Breaches Of 2018Major 3rd-Party Data Breaches Of 2018
Major 3rd-Party Data Breaches Of 2018NormShield
 
Improving Phishing URL Detection Using Fuzzy Association Mining
Improving Phishing URL Detection Using Fuzzy Association MiningImproving Phishing URL Detection Using Fuzzy Association Mining
Improving Phishing URL Detection Using Fuzzy Association Miningtheijes
 
Senior Fraud Protection Kit - U.S.
Senior Fraud Protection Kit - U.S. Senior Fraud Protection Kit - U.S.
Senior Fraud Protection Kit - U.S. - Mark - Fullbright
 
EMV: Preparing for Changes to the Retail Payment Process
EMV: Preparing for Changes to the Retail Payment ProcessEMV: Preparing for Changes to the Retail Payment Process
EMV: Preparing for Changes to the Retail Payment Process- Mark - Fullbright
 

Weitere ähnliche Inhalte

Was ist angesagt?

Internet Threats and Risk Mitigation
Internet Threats and Risk MitigationInternet Threats and Risk Mitigation
Internet Threats and Risk MitigationBrandProtect
 
Better Metrics, Less Hacks: Online Travel and The Future of Web Security
Better Metrics, Less Hacks: Online Travel and The Future of Web SecurityBetter Metrics, Less Hacks: Online Travel and The Future of Web Security
Better Metrics, Less Hacks: Online Travel and The Future of Web SecurityDistil Networks
 
Field Guide To Preventing Competitor Price Scraping, Unwanted Transactions, B...
Field Guide To Preventing Competitor Price Scraping, Unwanted Transactions, B...Field Guide To Preventing Competitor Price Scraping, Unwanted Transactions, B...
Field Guide To Preventing Competitor Price Scraping, Unwanted Transactions, B...Distil Networks
 
Weak Links: Cyber Attacks in the News & How to Protect Your Assets
Weak Links: Cyber Attacks in the News & How to Protect Your AssetsWeak Links: Cyber Attacks in the News & How to Protect Your Assets
Weak Links: Cyber Attacks in the News & How to Protect Your AssetsOilPriceInformationService
 
Phishing website method
Phishing website methodPhishing website method
Phishing website methodarelyf_7
 
Chapter 12: Computer Mediated Communicationcmc
Chapter 12: Computer Mediated CommunicationcmcChapter 12: Computer Mediated Communicationcmc
Chapter 12: Computer Mediated CommunicationcmcRay Brannon
 
2014 Cybercrime Roundup: The Year of the POS Breach
2014 Cybercrime Roundup: The Year of the POS Breach2014 Cybercrime Roundup: The Year of the POS Breach
2014 Cybercrime Roundup: The Year of the POS BreachEMC
 
Phishing attack types and mitigation strategies
Phishing attack types and mitigation strategiesPhishing attack types and mitigation strategies
Phishing attack types and mitigation strategiesSarim Khawaja
 
A Review on Antiphishing Framework
A Review on Antiphishing FrameworkA Review on Antiphishing Framework
A Review on Antiphishing FrameworkIJAEMSJORNAL
 
Distil Networks 2017 Bad Bot Report: 6 High Risk Lessons for Website Defenders
Distil Networks 2017 Bad Bot Report: 6 High Risk Lessons for Website DefendersDistil Networks 2017 Bad Bot Report: 6 High Risk Lessons for Website Defenders
Distil Networks 2017 Bad Bot Report: 6 High Risk Lessons for Website DefendersDistil Networks
 
Ias guide ad fraud essentials_2017 (1)
Ias guide ad fraud essentials_2017 (1)Ias guide ad fraud essentials_2017 (1)
Ias guide ad fraud essentials_2017 (1)Wossname
 
a-decade-of-phishing-wp-11-2016
a-decade-of-phishing-wp-11-2016a-decade-of-phishing-wp-11-2016
a-decade-of-phishing-wp-11-2016Eli Marcus
 
state-of-the-human-internet-report
state-of-the-human-internet-reportstate-of-the-human-internet-report
state-of-the-human-internet-reportMorgan Princing
 
Click Fraud and the Downfall of Google
Click Fraud and the Downfall of GoogleClick Fraud and the Downfall of Google
Click Fraud and the Downfall of GoogleTwinVasion
 
Significant factors for Detecting Redirection Spam
Significant factors for Detecting Redirection SpamSignificant factors for Detecting Redirection Spam
Significant factors for Detecting Redirection Spamijtsrd
 
Major 3rd-Party Data Breaches Of 2018
Major 3rd-Party Data Breaches Of 2018Major 3rd-Party Data Breaches Of 2018
Major 3rd-Party Data Breaches Of 2018NormShield
 
Improving Phishing URL Detection Using Fuzzy Association Mining
Improving Phishing URL Detection Using Fuzzy Association MiningImproving Phishing URL Detection Using Fuzzy Association Mining
Improving Phishing URL Detection Using Fuzzy Association Miningtheijes
 

Was ist angesagt? (20)

Internet Threats and Risk Mitigation
Internet Threats and Risk MitigationInternet Threats and Risk Mitigation
Internet Threats and Risk Mitigation
 
Better Metrics, Less Hacks: Online Travel and The Future of Web Security
Better Metrics, Less Hacks: Online Travel and The Future of Web SecurityBetter Metrics, Less Hacks: Online Travel and The Future of Web Security
Better Metrics, Less Hacks: Online Travel and The Future of Web Security
 
Field Guide To Preventing Competitor Price Scraping, Unwanted Transactions, B...
Field Guide To Preventing Competitor Price Scraping, Unwanted Transactions, B...Field Guide To Preventing Competitor Price Scraping, Unwanted Transactions, B...
Field Guide To Preventing Competitor Price Scraping, Unwanted Transactions, B...
 
Weak Links: Cyber Attacks in the News & How to Protect Your Assets
Weak Links: Cyber Attacks in the News & How to Protect Your AssetsWeak Links: Cyber Attacks in the News & How to Protect Your Assets
Weak Links: Cyber Attacks in the News & How to Protect Your Assets
 
IAB Best Practices Traffic Fraud Final
IAB Best Practices Traffic Fraud FinalIAB Best Practices Traffic Fraud Final
IAB Best Practices Traffic Fraud Final
 
Exploring And Investigating New Dimensions In Phishing
Exploring And Investigating New Dimensions In PhishingExploring And Investigating New Dimensions In Phishing
Exploring And Investigating New Dimensions In Phishing
 
Phishing website method
Phishing website methodPhishing website method
Phishing website method
 
Chapter 12: Computer Mediated Communicationcmc
Chapter 12: Computer Mediated CommunicationcmcChapter 12: Computer Mediated Communicationcmc
Chapter 12: Computer Mediated Communicationcmc
 
2014 Cybercrime Roundup: The Year of the POS Breach
2014 Cybercrime Roundup: The Year of the POS Breach2014 Cybercrime Roundup: The Year of the POS Breach
2014 Cybercrime Roundup: The Year of the POS Breach
 
IC3 2019 Internet Crime Report
IC3 2019 Internet Crime ReportIC3 2019 Internet Crime Report
IC3 2019 Internet Crime Report
 
Phishing attack types and mitigation strategies
Phishing attack types and mitigation strategiesPhishing attack types and mitigation strategies
Phishing attack types and mitigation strategies
 
A Review on Antiphishing Framework
A Review on Antiphishing FrameworkA Review on Antiphishing Framework
A Review on Antiphishing Framework
 
Distil Networks 2017 Bad Bot Report: 6 High Risk Lessons for Website Defenders
Distil Networks 2017 Bad Bot Report: 6 High Risk Lessons for Website DefendersDistil Networks 2017 Bad Bot Report: 6 High Risk Lessons for Website Defenders
Distil Networks 2017 Bad Bot Report: 6 High Risk Lessons for Website Defenders
 
Ias guide ad fraud essentials_2017 (1)
Ias guide ad fraud essentials_2017 (1)Ias guide ad fraud essentials_2017 (1)
Ias guide ad fraud essentials_2017 (1)
 
a-decade-of-phishing-wp-11-2016
a-decade-of-phishing-wp-11-2016a-decade-of-phishing-wp-11-2016
a-decade-of-phishing-wp-11-2016
 
state-of-the-human-internet-report
state-of-the-human-internet-reportstate-of-the-human-internet-report
state-of-the-human-internet-report
 
Click Fraud and the Downfall of Google
Click Fraud and the Downfall of GoogleClick Fraud and the Downfall of Google
Click Fraud and the Downfall of Google
 
Significant factors for Detecting Redirection Spam
Significant factors for Detecting Redirection SpamSignificant factors for Detecting Redirection Spam
Significant factors for Detecting Redirection Spam
 
Major 3rd-Party Data Breaches Of 2018
Major 3rd-Party Data Breaches Of 2018Major 3rd-Party Data Breaches Of 2018
Major 3rd-Party Data Breaches Of 2018
 
Improving Phishing URL Detection Using Fuzzy Association Mining
Improving Phishing URL Detection Using Fuzzy Association MiningImproving Phishing URL Detection Using Fuzzy Association Mining
Improving Phishing URL Detection Using Fuzzy Association Mining
 

Andere mochten auch

Senior Fraud Protection Kit - U.S.
Senior Fraud Protection Kit - U.S. Senior Fraud Protection Kit - U.S.
Senior Fraud Protection Kit - U.S. - Mark - Fullbright
 
EMV: Preparing for Changes to the Retail Payment Process
EMV: Preparing for Changes to the Retail Payment ProcessEMV: Preparing for Changes to the Retail Payment Process
EMV: Preparing for Changes to the Retail Payment Process- Mark - Fullbright
 
Law Enforcement Provisions Related to Computer Security
Law Enforcement Provisions Related to Computer SecurityLaw Enforcement Provisions Related to Computer Security
Law Enforcement Provisions Related to Computer Security- Mark - Fullbright
 
Raytheon Millennial Cybersecurity Survey
Raytheon Millennial Cybersecurity SurveyRaytheon Millennial Cybersecurity Survey
Raytheon Millennial Cybersecurity Survey- Mark - Fullbright
 
Safeguarding Your Child's Future
Safeguarding Your Child's FutureSafeguarding Your Child's Future
Safeguarding Your Child's Future- Mark - Fullbright
 
Fourth Annual Benchmark Study on Patient Privacy & Data Security
Fourth Annual Benchmark Study on Patient Privacy & Data SecurityFourth Annual Benchmark Study on Patient Privacy & Data Security
Fourth Annual Benchmark Study on Patient Privacy & Data Security- Mark - Fullbright
 
Elder Fraud - Preventing Senior Scams
Elder Fraud - Preventing Senior ScamsElder Fraud - Preventing Senior Scams
Elder Fraud - Preventing Senior Scams- Mark - Fullbright
 

Andere mochten auch (10)

Senior Fraud Protection Kit - U.S.
Senior Fraud Protection Kit - U.S. Senior Fraud Protection Kit - U.S.
Senior Fraud Protection Kit - U.S.
 
EMV: Preparing for Changes to the Retail Payment Process
EMV: Preparing for Changes to the Retail Payment ProcessEMV: Preparing for Changes to the Retail Payment Process
EMV: Preparing for Changes to the Retail Payment Process
 
Children and Parents Media Use
Children and Parents Media UseChildren and Parents Media Use
Children and Parents Media Use
 
Mobile apps for kids
Mobile apps for kidsMobile apps for kids
Mobile apps for kids
 
Law Enforcement Provisions Related to Computer Security
Law Enforcement Provisions Related to Computer SecurityLaw Enforcement Provisions Related to Computer Security
Law Enforcement Provisions Related to Computer Security
 
Raytheon Millennial Cybersecurity Survey
Raytheon Millennial Cybersecurity SurveyRaytheon Millennial Cybersecurity Survey
Raytheon Millennial Cybersecurity Survey
 
Safeguarding Your Child's Future
Safeguarding Your Child's FutureSafeguarding Your Child's Future
Safeguarding Your Child's Future
 
Fourth Annual Benchmark Study on Patient Privacy & Data Security
Fourth Annual Benchmark Study on Patient Privacy & Data SecurityFourth Annual Benchmark Study on Patient Privacy & Data Security
Fourth Annual Benchmark Study on Patient Privacy & Data Security
 
Elder Fraud - Preventing Senior Scams
Elder Fraud - Preventing Senior ScamsElder Fraud - Preventing Senior Scams
Elder Fraud - Preventing Senior Scams
 
Banking Basics
Banking BasicsBanking Basics
Banking Basics
 

Ähnlich wie The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats

CYREN_Q1_2015_Trend_Report
CYREN_Q1_2015_Trend_ReportCYREN_Q1_2015_Trend_Report
CYREN_Q1_2015_Trend_ReportChris Taylor
 
Android mobile platform security and malware
Android mobile platform security and malwareAndroid mobile platform security and malware
Android mobile platform security and malwareeSAT Publishing House
 
Android mobile platform security and malware survey
Android mobile platform security and malware surveyAndroid mobile platform security and malware survey
Android mobile platform security and malware surveyeSAT Journals
 
cybercrime survival guide
cybercrime survival guidecybercrime survival guide
cybercrime survival guideGary Gray, MCSE
 
Mystery Shopping Inside the Ad-Verification Bubble
Mystery Shopping Inside the Ad-Verification BubbleMystery Shopping Inside the Ad-Verification Bubble
Mystery Shopping Inside the Ad-Verification BubbleShailin Dhar
 
What is online ad fraud and what does um do about it
What is online ad fraud and what does um do about itWhat is online ad fraud and what does um do about it
What is online ad fraud and what does um do about itAlan King
 
Introduction to malvertising
Introduction to malvertising Introduction to malvertising
Introduction to malvertising Mohd Arif
 
A radical solution for broken digital advertising
A radical solution for broken digital advertisingA radical solution for broken digital advertising
A radical solution for broken digital advertisingMando Liussi
 
Study on Phishing Attacks and Antiphishing Tools
Study on Phishing Attacks and Antiphishing ToolsStudy on Phishing Attacks and Antiphishing Tools
Study on Phishing Attacks and Antiphishing ToolsIRJET Journal
 
Report on Rogue Security Software: a summary
Report on Rogue Security Software: a summaryReport on Rogue Security Software: a summary
Report on Rogue Security Software: a summarySymantec Italia
 
CYREN 2013년 인터넷 위협 보고서_영문
CYREN 2013년 인터넷 위협 보고서_영문CYREN 2013년 인터넷 위협 보고서_영문
CYREN 2013년 인터넷 위협 보고서_영문Jiransoft Korea
 
Artificial intelligence presentation slides.pptx
Artificial intelligence presentation slides.pptxArtificial intelligence presentation slides.pptx
Artificial intelligence presentation slides.pptxrakhicse
 
IRJET - PHISCAN : Phishing Detector Plugin using Machine Learning
IRJET - PHISCAN : Phishing Detector Plugin using Machine LearningIRJET - PHISCAN : Phishing Detector Plugin using Machine Learning
IRJET - PHISCAN : Phishing Detector Plugin using Machine LearningIRJET Journal
 
NAGTRI Journal Article
NAGTRI Journal ArticleNAGTRI Journal Article
NAGTRI Journal ArticleTaylre Janak
 
Spam and Phishing Report - Marzo 2010
Spam and Phishing Report - Marzo 2010Spam and Phishing Report - Marzo 2010
Spam and Phishing Report - Marzo 2010Symantec Italia
 
Analyzing the effectualness of Phishing Algorithms in Web Applications Inques...
Analyzing the effectualness of Phishing Algorithms in Web Applications Inques...Analyzing the effectualness of Phishing Algorithms in Web Applications Inques...
Analyzing the effectualness of Phishing Algorithms in Web Applications Inques...Editor IJMTER
 
Internet Security Threat Report 2014 :: Volume 19 Appendices - The hardcore n...
Internet Security Threat Report 2014 :: Volume 19 Appendices - The hardcore n...Internet Security Threat Report 2014 :: Volume 19 Appendices - The hardcore n...
Internet Security Threat Report 2014 :: Volume 19 Appendices - The hardcore n...Symantec
 

Ähnlich wie The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats (20)

CYREN_Q1_2015_Trend_Report
CYREN_Q1_2015_Trend_ReportCYREN_Q1_2015_Trend_Report
CYREN_Q1_2015_Trend_Report
 
Android mobile platform security and malware
Android mobile platform security and malwareAndroid mobile platform security and malware
Android mobile platform security and malware
 
Android mobile platform security and malware survey
Android mobile platform security and malware surveyAndroid mobile platform security and malware survey
Android mobile platform security and malware survey
 
cybercrime survival guide
cybercrime survival guidecybercrime survival guide
cybercrime survival guide
 
Mystery Shopping Inside the Ad-Verification Bubble
Mystery Shopping Inside the Ad-Verification BubbleMystery Shopping Inside the Ad-Verification Bubble
Mystery Shopping Inside the Ad-Verification Bubble
 
Major Prc.pptx
Major Prc.pptxMajor Prc.pptx
Major Prc.pptx
 
What is online ad fraud and what does um do about it
What is online ad fraud and what does um do about itWhat is online ad fraud and what does um do about it
What is online ad fraud and what does um do about it
 
Introduction to malvertising
Introduction to malvertising Introduction to malvertising
Introduction to malvertising
 
W verb68
W verb68W verb68
W verb68
 
A radical solution for broken digital advertising
A radical solution for broken digital advertisingA radical solution for broken digital advertising
A radical solution for broken digital advertising
 
Ransomware-as-a-Service: The business of distributing cyber attacks
Ransomware-as-a-Service: The business of distributing cyber attacksRansomware-as-a-Service: The business of distributing cyber attacks
Ransomware-as-a-Service: The business of distributing cyber attacks
 
Study on Phishing Attacks and Antiphishing Tools
Study on Phishing Attacks and Antiphishing ToolsStudy on Phishing Attacks and Antiphishing Tools
Study on Phishing Attacks and Antiphishing Tools
 
Report on Rogue Security Software: a summary
Report on Rogue Security Software: a summaryReport on Rogue Security Software: a summary
Report on Rogue Security Software: a summary
 
CYREN 2013년 인터넷 위협 보고서_영문
CYREN 2013년 인터넷 위협 보고서_영문CYREN 2013년 인터넷 위협 보고서_영문
CYREN 2013년 인터넷 위협 보고서_영문
 
Artificial intelligence presentation slides.pptx
Artificial intelligence presentation slides.pptxArtificial intelligence presentation slides.pptx
Artificial intelligence presentation slides.pptx
 
IRJET - PHISCAN : Phishing Detector Plugin using Machine Learning
IRJET - PHISCAN : Phishing Detector Plugin using Machine LearningIRJET - PHISCAN : Phishing Detector Plugin using Machine Learning
IRJET - PHISCAN : Phishing Detector Plugin using Machine Learning
 
NAGTRI Journal Article
NAGTRI Journal ArticleNAGTRI Journal Article
NAGTRI Journal Article
 
Spam and Phishing Report - Marzo 2010
Spam and Phishing Report - Marzo 2010Spam and Phishing Report - Marzo 2010
Spam and Phishing Report - Marzo 2010
 
Analyzing the effectualness of Phishing Algorithms in Web Applications Inques...
Analyzing the effectualness of Phishing Algorithms in Web Applications Inques...Analyzing the effectualness of Phishing Algorithms in Web Applications Inques...
Analyzing the effectualness of Phishing Algorithms in Web Applications Inques...
 
Internet Security Threat Report 2014 :: Volume 19 Appendices - The hardcore n...
Internet Security Threat Report 2014 :: Volume 19 Appendices - The hardcore n...Internet Security Threat Report 2014 :: Volume 19 Appendices - The hardcore n...
Internet Security Threat Report 2014 :: Volume 19 Appendices - The hardcore n...
 

Mehr von - Mark - Fullbright

ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019- Mark - Fullbright
 
2020 Data Breach Investigations Report (DBIR)
2020 Data Breach Investigations Report (DBIR)2020 Data Breach Investigations Report (DBIR)
2020 Data Breach Investigations Report (DBIR)- Mark - Fullbright
 
Consumer Sentinel Network Data Book 2019
Consumer Sentinel Network Data Book 2019Consumer Sentinel Network Data Book 2019
Consumer Sentinel Network Data Book 2019- Mark - Fullbright
 
CFPB Consumer Reporting Companies 2019
CFPB Consumer Reporting Companies 2019CFPB Consumer Reporting Companies 2019
CFPB Consumer Reporting Companies 2019- Mark - Fullbright
 
Advisory to Financial Institutions on Illicit Financial Schemes and Methods R...
Advisory to Financial Institutions on Illicit Financial Schemes and Methods R...Advisory to Financial Institutions on Illicit Financial Schemes and Methods R...
Advisory to Financial Institutions on Illicit Financial Schemes and Methods R...- Mark - Fullbright
 
2019 Data Breach Investigations Report (DBIR)
2019 Data Breach Investigations Report (DBIR)2019 Data Breach Investigations Report (DBIR)
2019 Data Breach Investigations Report (DBIR)- Mark - Fullbright
 
2018 Privacy & Data Security Report
2018 Privacy & Data Security Report2018 Privacy & Data Security Report
2018 Privacy & Data Security Report- Mark - Fullbright
 
Consumer Sentinel Network Data Book 2018
Consumer Sentinel Network Data Book 2018 Consumer Sentinel Network Data Book 2018
Consumer Sentinel Network Data Book 2018 - Mark - Fullbright
 
The Geography of Medical Identity Theft
The Geography of Medical Identity TheftThe Geography of Medical Identity Theft
The Geography of Medical Identity Theft- Mark - Fullbright
 
Consumer Sentinel Data Book 2017
Consumer Sentinel Data Book 2017Consumer Sentinel Data Book 2017
Consumer Sentinel Data Book 2017- Mark - Fullbright
 
Protecting Personal Information: A Guide for Business
Protecting Personal Information: A Guide for BusinessProtecting Personal Information: A Guide for Business
Protecting Personal Information: A Guide for Business- Mark - Fullbright
 
Data Breach Response: A Guide for Business
Data Breach Response: A Guide for BusinessData Breach Response: A Guide for Business
Data Breach Response: A Guide for Business- Mark - Fullbright
 
2017 Data Breach Investigations Report
2017 Data Breach Investigations Report2017 Data Breach Investigations Report
2017 Data Breach Investigations Report- Mark - Fullbright
 
Consumer Sentinel Network Data Book for January 2016 - December 2016
Consumer Sentinel Network Data Book for January 2016 - December 2016Consumer Sentinel Network Data Book for January 2016 - December 2016
Consumer Sentinel Network Data Book for January 2016 - December 2016- Mark - Fullbright
 
Consumer Sentinel Data Book 2015
Consumer Sentinel Data Book 2015Consumer Sentinel Data Book 2015
Consumer Sentinel Data Book 2015- Mark - Fullbright
 
Identity Theft - Proactive / Reactive First Steps
Identity Theft - Proactive / Reactive First Steps Identity Theft - Proactive / Reactive First Steps
Identity Theft - Proactive / Reactive First Steps - Mark - Fullbright
 

Mehr von - Mark - Fullbright (20)

ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019
 
Police, Protesters, Press, 2020
Police, Protesters, Press, 2020Police, Protesters, Press, 2020
Police, Protesters, Press, 2020
 
2020 Data Breach Investigations Report (DBIR)
2020 Data Breach Investigations Report (DBIR)2020 Data Breach Investigations Report (DBIR)
2020 Data Breach Investigations Report (DBIR)
 
FCPA Guidance 2020
FCPA Guidance 2020FCPA Guidance 2020
FCPA Guidance 2020
 
Consumer Sentinel Network Data Book 2019
Consumer Sentinel Network Data Book 2019Consumer Sentinel Network Data Book 2019
Consumer Sentinel Network Data Book 2019
 
CFPB Consumer Reporting Companies 2019
CFPB Consumer Reporting Companies 2019CFPB Consumer Reporting Companies 2019
CFPB Consumer Reporting Companies 2019
 
Advisory to Financial Institutions on Illicit Financial Schemes and Methods R...
Advisory to Financial Institutions on Illicit Financial Schemes and Methods R...Advisory to Financial Institutions on Illicit Financial Schemes and Methods R...
Advisory to Financial Institutions on Illicit Financial Schemes and Methods R...
 
2018 IC3 Report
2018 IC3 Report2018 IC3 Report
2018 IC3 Report
 
2019 Data Breach Investigations Report (DBIR)
2019 Data Breach Investigations Report (DBIR)2019 Data Breach Investigations Report (DBIR)
2019 Data Breach Investigations Report (DBIR)
 
2018 Privacy & Data Security Report
2018 Privacy & Data Security Report2018 Privacy & Data Security Report
2018 Privacy & Data Security Report
 
Consumer Sentinel Network Data Book 2018
Consumer Sentinel Network Data Book 2018 Consumer Sentinel Network Data Book 2018
Consumer Sentinel Network Data Book 2018
 
Credit Score Explainer
Credit Score ExplainerCredit Score Explainer
Credit Score Explainer
 
The Geography of Medical Identity Theft
The Geography of Medical Identity TheftThe Geography of Medical Identity Theft
The Geography of Medical Identity Theft
 
Consumer Sentinel Data Book 2017
Consumer Sentinel Data Book 2017Consumer Sentinel Data Book 2017
Consumer Sentinel Data Book 2017
 
Protecting Personal Information: A Guide for Business
Protecting Personal Information: A Guide for BusinessProtecting Personal Information: A Guide for Business
Protecting Personal Information: A Guide for Business
 
Data Breach Response: A Guide for Business
Data Breach Response: A Guide for BusinessData Breach Response: A Guide for Business
Data Breach Response: A Guide for Business
 
2017 Data Breach Investigations Report
2017 Data Breach Investigations Report2017 Data Breach Investigations Report
2017 Data Breach Investigations Report
 
Consumer Sentinel Network Data Book for January 2016 - December 2016
Consumer Sentinel Network Data Book for January 2016 - December 2016Consumer Sentinel Network Data Book for January 2016 - December 2016
Consumer Sentinel Network Data Book for January 2016 - December 2016
 
Consumer Sentinel Data Book 2015
Consumer Sentinel Data Book 2015Consumer Sentinel Data Book 2015
Consumer Sentinel Data Book 2015
 
Identity Theft - Proactive / Reactive First Steps
Identity Theft - Proactive / Reactive First Steps Identity Theft - Proactive / Reactive First Steps
Identity Theft - Proactive / Reactive First Steps
 

Kürzlich hochgeladen

Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...anjaliyadav012327
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfchloefrazer622
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajanpragatimahajan3
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 

Kürzlich hochgeladen (20)

Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdf
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajan
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 

The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats

  • 1. WHITEPAPER The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats
  • 2. The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats Table of Contents ABSTRACT:............................................................................................................................................................... 3 1. MALVERTISING AND FRIENDS: THE DISSECTION ............................................................................................ 4 2. INTERNAL STRUCTURE: CATEGORIES............................................................................................................... 6 3. COUNTRIES OF ORIGIN..................................................................................................................................... 14 CONCLUSIONS ..................................................................................................................................................... 15 AUTHORS: Bianca Stanescu – Bitdefender Communication Specialist Ionut Radu – Bitdefender Online Threats Developer Cornel Radu – Bitdefender Online Threats Developer [2]
  • 3. The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats ABSTRACT: Reputable companies are not the only clients of advertising platforms. Scammers are doing their best to tap more of the commercial market. Almost 10 billion ad impressions were compromised by malvertising in 2012, according to the Online Trust Alliance. 1 Millions of users worldwide are exposed to malware, spam, phishing or fraud (scams), and even the most tech-savvy users can become victims. Over 100 advertising networks are serving compromised display advertising, and malvertising incidents increased by more than 250% from Q1 2010 to Q2 2010, the OTA showed. At the same time, more than one million sites carry advertising from over 300 ad networks and exchanges, according to the IAB. If we compare figures, this means that one in three ad networks may be serving malvertising. 2 Because such attack vectors are likely to develop in the future, a Bitdefender team decided to investigate the anatomy of malvertising and other e-threats injected in legitimate ad networks: fraud, spam and phishing. We first explained the dissection process, then focused on the internal structure and web categories of the baits injected by scammers into legitimate advertisements. The results confirm that business and computer and software landing pages are even more lucrative than pornography. The research also retrieved the countries where the scammy domains were registered. Some actually belong to those countries, while others are just misplacements that cyber-criminals use to avoid detection and law enforcement. After drawing an alarm signal on the evolving phenomenon of malvertising, the document also offers some guidelines to help users and advertisers avoid these e-threats. By knowing more about the anatomy of malvertising, companies, security experts and users can better fight these emerging security threats. The main findings of the paper are based on the Bitdefender technologies that instantly block phishing and fraud attempts after extracting and analyzing dangerous URLs in real time. In 2013, the security software won an Advanced+ award from AV-Comparatives and, in 2012, was proven the best in the industry at detecting phishing attempts after testing by the same independent analysis firm. The antivirus leader blocks 98% percent of phishing attempts that target users of PayPal, eBay, numerous online banks, social networks, online gaming sites, credit card data and more. [3]
  • 4. The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats 1. MALVERTISING AND FRIENDS: THE DISSECTION Malicious advertising, or malvertising, allows cyber-criminals to spread malicious files through online publicity. In September 2009, New York Times readers were redirected to a site hosting malware because of an injected ad. One year later, TweetMeme (which closed its doors in 2012) also suffered a scareware attack because of malvertising. These popular examples show that malvertising has become one of the most dangerous e-threats, as it can easily spread across a large number of legitimate websites without compromising them directly. Moreover, silent malvertising allows scammers to infect users with no clicking or direct interaction. To extend the definition, spamvertising, fraudvertising, and phishvertising are used to spread spam, fraudulent, and phishing URLs through legitimate online advertising networks and webpages. By visiting websites affected by malvertising and other scams, users risk infection. According to the Online Trust Alliance , cyber-criminals have two main methods to exploit advertising. 3 “An increasing trend has been to create a fictitious identity and ‘front’ purporting to be a legitimate advertiser or advertising agency,” the OTA said. “They provide upfront payment and often approach unsuspecting partners with the urgency of a breaking ad campaign. They simply provide the ad creative which appear legitimate on the surface.” The second and more “traditional approach” is to breach a vulnerable server to obtain credentials and then compromise legitimate ads to stay undetected. According to our research, these are the most common methods used by cyber-criminals to place malicious code through advertisements: • Pop-up ads for fictive downloads, such as computer and software (fake movie players, toolbars, plugins and media converters); • Hidden and obfuscated JavaScript code; • Malicious banners; • Third-party advertisements through sublet ad networks and Content Delivery Networks; • Using iframes to embed malware and to avoid detection. These fairly new phenomena are harder to combat because cyber-criminals take advantage of two key features of Internet advertising: · Dynamism: online advertising is a versatile medium that allows scammers to stay undetected, as web page content changes regularly. This open system relies on multiple parties, including advertisers, ad networks, ad exchanges, ad services and site publishers, so cyber-criminals can obscure their trail. · Externalization: companies pay ad networks to distribute ads on their websites without knowing their content and purpose. This allows cyber-criminals to pose as legitimate clients. Some fraudulent commercials also appear because big ad networks sublet some advertorial space to third-parties, usually smaller platforms. In this process, the smaller networks end up placing malicious ads on reputable web sites. Our dissection on malvertising and other e-threats ran between 23 July and 24 August 2013, when the research team randomly selected over 70,000 ads served on nearly 150,000 web sites on the greyer area of the Internet. To select the ads, we scanned search engines for over 50 relevant search terms such as download cracks, lose weight now, earn money at home, free movies, free music, games, and torrents, that regular users look for. Because ads are chameleon-like, changing regularly, we also retested the web pages for new commercials to increase our data base. Out of the total number of ads, 41,400 advertisements led to the same number of landing pages with non-identical URLs. Some were composed of the same domain and path, but with different [4]
  • 5. The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats parameters. These parameters help ad networks retrieve information on user behavior, such as the web site that initially brought users to click on the ad. To analyze the malware, fraud, spam and phishing prevalence, we had to put the domains under the magnifying glass. We discovered that only 15,037 unique domains were hosting the 41,400 landing pages, which means that malvertisers and “friends” place the same baits on different web sites for increased efficiency. We designed a script to open the URLs with a browser emulator that simulated user behavior by clicking on the ads and retrieving the landing pages automatically. We have also retained the redirection chain, as most ads redirect users to two or three other web sites, which register them as visitors to bring extra revenue to the publishers. According to our data, the bad ads usually have more redirects than good or neutral ads. We analyzed the initial page (client page), from the first URLs where they were redirecting to the final landing page. After we concatenated the landing pages and applied an MD5 algorithm, we obtained the unique list of signatures. We scanned them with the Bitdefender engines to check if they are blacklisted. Almost 7 per cent of the landing pages analyzed was misleading, infecting users with malware or targeting them with fraud, spam and phishing. The neutral ads represented 46%, a percentage point less than the good ones. 4 Figure 1: Distribution of good, bad and neutral ads After checking the reasons for blacklisting by the Bitdefender engines, we discovered most dangerous landing pages that were advertised on multiple web sites were fraudulent URLs luring readers with fake software, business and financial offers. After this dominant category, spam (14.89%) and malware (14.52%) also target advertising platforms, followed by phishing, which helps scammers gain money or personal data by mimicking web sites of legitimate companies. With only 4 per cent prevalence, phishing is spread less through advertising networks because users are more securitysavvy than before. In 2012, an analysis on malicious Facebook domains published by The Virus Bulletin also showed that phishing is less distributed on the social network. The research on over 20,000 domains revealed that cyber-criminals prefer more effective weapons, such as malware (54%) and fraud (34%), followed by spam (11%) and phishing (1%), as a last variant. 5 Some analyzed landing pages belong to several categories. The most common combination cybercriminals abuse is phishing with a “sense” of malware. In this way, if they don’t get users’ money and personal data through the phishing attack, they install malicious files on the system for similar or worse repercussions. Because of potential and future security threats, Bitdefender also classified over 9 per cent of the analyzed web pages as untrusted. [5]
  • 6. The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats Figure 2: Different types of advertising security threats and their distribution 2. INTERNAL STRUCTURE: CATEGORIES To determine the internal structure of malvertising and other e-threats, and to distinguish the relationships of its components, we retrieved the web categories of dangerous landing pages. Our research shows that malvertisers make more money out of computer & software, business and health categories, than out of pornography. Figure 3: Most dangerous web categories promoted via malvertising and other e-threats Similar research this year also showed that online advertising is more likely to spread malware than porn is. According to Cisco’s 2013 Annual Security Report , online advertisements are the riskiest of all: 182 times more likely to infect users with malware than searching the Internet for adult content. The report also revealed that the highest concentration of online security threats is found not among pornography, pharmaceutical, or gambling sites, but on major search engines, retail pages, and social networks. 6 7 [6]
  • 7. The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats The landing web pages were assigned to one of 19 categories, based either on the category of the domain or on the content of that specific web page. For instance, a personal blog hosted on a blogging platform will be categorized as a blog, but it could also be categorized as a gambling page, based on its content. These categories are based on the background scanning of Bitdefender technologies, which overcame the limits of standard blacklisting, by classifying domains into 43 categories. That allows the webfiltering module to develop intelligent and human-independent filtering techniques that provide more accurate ratings and work faster. Non-profitable web categories that scammers don’t usually promote through malvertising include advice (forums), blogs, drugs, education, hacking, and hate websites. This last niche category covers websites that encourage violence or racism. Usually blocked by parental control software, this category includes websites that promote religious or sex discrimination, violence, xenophobic content, and terrorism. Here are the most lucrative web categories promoted through malware, spam, fraud and phishing placed on legitimate ad networks, with recent screenshots and a short description for each of them. 1. Business: 20.73% This dominant malvertising category covers websites that promote private businesses (corporate websites). The results made it the most popular web category because fraudsters create sites that pose as legitimate businesses and target users with fake offers, usually at very low prices. Unlike phishing web sites created by breaching vulnerable web sites or domains, fraud is better crafted and has web pages registered for longer period of times. Because they can easily be mistaken for authentic companies, it takes longer before they are taken down, so their uptime is higher than that of phishing attacks . 8 Examples of fraudvertising include fake offers for online garage sales, web hosting or satellite services. 2. Computers and software: 20.29% This category covers websites that provide computer information, software or internetrelated services. Malvertising in this category included a fake Disney website that promoted sexually explicit cartoons. Other dangerous ads led users to fictive downloading for SEO plugins, video convertors and cursors. [7]
  • 8. The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats 3. Gambling: 12.84% This category covers online casino or lottery websites, which usually require money transfer before users can gamble. Dangerous landing pages found on ad networks trick users into sending their money and personal data with no chance to win. “Gambling” web pages also include “beating tips and cheats” web sites, which describe how to make money this way. 4. Health: 12.7% The fourth popular malvertising category typically covers websites associated with medical institutions, disease prevention and treatment, and websites that promote weight loss and pharmaceutical products, diets, etc. Malicious ads in this category offer miraculous tricks for “a tiny belly,” fraudulent detox medication and weight loss advice presented in the form of news. 5. News: 9.97% This category covers news websites that provide journalistic text, video content or newsletter services. It includes both global and local news websites. Our research showed that one in 10 dangerous landing pages were offering content presented as news. Typical fraudvertising cases include fake newsletter offers and weight-loss tips presented by a medical news “reporter.” [8]
  • 9. The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats 6. File Sharing: 5.54% This category includes web pages that allow users to share or store files online. Some dubious websites promoted through advertising are used for fraud, identity theft or malware infections, after luring users with fictitious software downloads. 7. Pornography: 5% This category typically covers websites containing erotic and pornographic content (text, pictures or video). For accurate blacklisting, it may also detect erotic content on mixed websites classified in multiple categories. 8. Games: 4.78% This category covers websites with game presentations, reviews, and online games such as Flash-based applications. It also includes websites that offer the possibility of buying or downloading non-browser based games. Nonlegitimate game websites promoted through malvertising lead users to fake downloads and fraudulent surveys. [9]
  • 10. The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats 9. Illegal: 2.5% This category covers websites related to software piracy, including peer-to-peer and tracker websites known as distribution channels for copyright content, pirated commercial software websites and discussion boards, as well as websites providing cracks, key generators and serial numbers for illegal software use. Illegal websites promoted through advertisements may lead users to malicious downloads and fraudulent URLs. 10. Job Search: 2% This category covers websites presenting job boards, job-related classified ads and career opportunities, as well as aggregators of such services. In the case of malvertising and other e-threats, the most common traps are job scams that ask users for money and personal details so they can follow their “American dream.” [10]
  • 11. The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats 11. Online Shop: 1.76% This category includes online stores and platforms that sell different goods or services. The typical threat infiltrating legitimate ad networks is once again fraud - scammers put up fake shops, register them on reputable TLDs such as “.com” and even design them better than some authentic ones. Poorly crafted online shops may also be breached by phishers, who can then steal users’ money and sensitive data. 12. Online Dating: 0.74% This category typically covers paid or free websites where users register to find a dating partner or a new relationship. An extension of the social networks category, online dating is typically misused to steal users’ personal details and to help social engineers craft human data bases. [11]
  • 12. The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats 13. Financial (Banks): 0.73% This category covers the websites of all banks and financial institutions, including loan companies, credit card agencies, and companies in charge of brokerage of securities or other financial contracts. One recent scam promoted through malvertising was a fake loan web site that got almost 200,000 Facebook likes. 14. Travel: 0.25% This category covers websites that offer travel facilities and equipment as well as destination reviews and ratings. Anti-fraud technologies blacklist fake websites in this category if they discover they were registered to trick users with fraudulent offers. Recently, a Dubai promotion web site was being advertised through malicious techniques. [12]
  • 13. The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats 15. Portals 0.19% This category covers websites that aggregate information from various sources and domains. Portals also offer features such as search engines, e-mail, news and entertainment information. Here’s how a recent malvertised portal looked: 16. Instant Messaging: 0.08% This category covers websites where users can chat in real time or download IM software. Such websites may be included in several other categories, such as pornography. [13]
  • 14. The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats 17. Webmail (0.06%), Entertainment (0.04%), Social Networks (0.04%) These three less popular malvertising categories cover websites that provide e-mail functionality as web applications, websites that provide information related to artistic activities, and social media websites. 3. COUNTRIES OF ORIGIN Research on ad networks also showed the top countries of origin for malvertising web sites. Most malvertising and other e-threats originate from the US, the Netherlands and Canada. This doesn’t necessarily mean that cyber-criminals are residents of those countries, as they can easily register web sites in any place they want to hide from law enforcement. We also discovered malicious web sites registered in remote islands. Figure 3: Countries of origin for Malvertising and other e-threats GUIDELINES To lessen the chances of getting tricked by malicious and fraudulent advertisements, users and ad networks can take several precautions: Before activating commercials on their web sites, companies and ad networks should carefully check their origin and legitimacy. To verify if a website is authentic, users and companies can look for WhoIS information to see if the web page is hosted in the country where the company is based. Most fraudulent web sites are registered for just a year, and this can also be a sign. Also, if a website was created from a private e-mail address such as contact@privacyprotect.org or john@yahoo.com, it’s almost certainly a scam. To prevent malvertising effects, keep your antivirus updated, together with your operating system and other software. Dangerous websites inserted in advertising platforms can’t download malicious files if a security solution is installed and up to date. [14]
  • 15. The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats CONCLUSIONS Research showed that almost 7 per cent of landing pages multiplying on advertising platforms pose serious dangers to computer users. The most dominant malicious category of all malvertising e-threats is fraud, which takes the form of fake software offers, business and financial scams. In addition, users are targeted by malware injected in legitimate ads, which helps cyber-criminals stay undetected longer. By using their baits on multiple advertising platforms, scammers also multiply their chances of making money with minimal effort. Another pertinent conclusion is that the highest concentration of online security threats promoted through advertising are found not among pornography and online dating, but on business and computer websites. In conclusion, users and other stakeholders should be more careful when dealing with online advertisements. If the inner structure of the system continues to be this open, with so many parties involved and without firm security scanning, cyber-criminals will take advantage more often of companies, advertising platforms and end-users. [15]
  • 16. The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats REFERENCES: DAMIAN, Alin, Understanding the domains involved in malicious activity on Facebook, Copyright © 2012 Virus Bulletin, http://www.virusbtn.com/virusbulletin/archive/2012/06/vb201206-Facebook, June 2012 DIMA, Bianca, DAMIAN, Alin, “Phishing and fraud: the make-believe industry”, Copyright © 2013 Virus Bulletin, http://www.virusbtn.com/virusbulletin/archive/2012/06/vb201206-Facebook, April 2012, Cisco 2013 Annual Security Report (ASR), https://grs.cisco.com/grsx/cust/grsCustomerSurvey. html?SurveyCode=6653&KeyCode=000204094 MLOT, Stephanie, “Online Advertising More Likely to Spread Malware than Porn”, February 1, 2013, http://www.pcmag.com/article2/0,2817,2415009,00.asp. Online Trust Alliance, “Anti-Malvertising Resources”, 29-07-2012 https://otalliance.org/resources/ malvertising.html Online Trust Alliance, Voluntary Anti-Malvertising Guidelines & Best Practices Helping to Combat Malvertising and Preserve Trust in Interactive Advertising, https://otalliance.org/docs/OTA_guidlines_ final10_18.pdf5-5. (Endnotes) 1 Online Trust Alliance (2012-07-29), “Anti-Malvertising Resources”. Retrieved 2013-25-5. https://otalliance.org/resources/malvertising.html 2 Voluntary Anti-Malvertising Guidelines & Best Practices Helping to Combat Malvertising and Preserve Trust in Interactive Advertising, https://otalliance.org/docs/OTA_guidlines_final10_18.pdf, Retrieved 2013-25-5. 3 idem 4 The web sites were considered neutral because there wasn’t sufficient data to classify them otherwise, as they only had a few visitors and no user ratings. 5 DAMIAN, Alin, Understanding the domains involved in malicious activity on Facebook, Copyright © 2012 Virus Bulletin, http://www.virusbtn.com/virusbulletin/archive/2012/06/vb201206-Facebook, June 2012, Retrieved 2013-29-09. 6 Cisco 2013 Annual Security Report (ASR), Retrieved 2013-29-09. https://grs.cisco.com/grsx/cust/grsCustomerSurvey.html?SurveyCode=6653&KeyCode=000204094 7 Stephanie Mlot February 1, 2013, Online Advertising More Likely to Spread Malware Than Porn http://www.pcmag.com/article2/0,2817,2415009,00.asp, Retrieved 2013-29-09. 8 DIMA, Bianca, DAMIAN, Alin, “Phishing and fraud: the make-believe industry”, Copyright © 2013 Virus Bulletin, http://www.virusbtn.com/virusbulletin/archive/2012/06/vb201206-Facebook, April 2012, Retrieved 2013-29-09. http://www.virusbtn.com/virusbulletin/archive/2013/04/vb201304-phishing-fraud [16]
  • 17. The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats [17]
  • 18. All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners. About Bitdefender Bitdefender is a global company that delivers security technology in more than 200 countries through a network of value-added alliances, distributors and reseller partners. Since 2001, Bitdefender has consistently produced award-winning security technology, for businesses and consumers, and is one of the top security providers in virtualization and cloud technologies. Through R&D, alliances and partnership teams, Bitdefender has created the highest standards of security excellence in both its number-one-ranked technology and its strategic alliances with some of the world’s leading virtualization and cloud technology providers. All Rights Reserved. © 2014 Bitdefender. All trademarks, trade names, and products referenced herein are property of their respective owners. FOR MORE INFORMATION VISIT: ENTERPRISE.BITDEFENDER.COM