Tag: malvertisements

Celebrity gossip sites–attractive to malware distributors

15/11/2016 Data security No Comments

Articles

Who Weekly celebrity-gossip-magazine Web site

Be sure you stick with trusted news sites when you are after celebrity gossip

The most dangerous celebrities to look up on Google | BGR.com

Searching for celebrity news on Google can be dangerous for your computer | Panda Security

Malware parasites feed on PerezHilton.com gossip fans | BBC News

My Comments

An issue that has been raised is that searching for the latest news and gossip about a celebrity can be risky for your computer’s security. Panda Security even described it as being of risk to a business’s computer systems because office workers would do it during slow times in their workday. It is though this activity is still today’s equivalent of looking through the gossip magazines at the supermarket checkout or in the doctor’s waiting room.

This is because the Internet has made it easier to push up “fly-by-night” gossip Websites that are laden with malware and have these advertised.

Online ad - to be respected like advertising in printed media

Ads on sites like here need to be secure to obtain the same respect as magazine ads

It is also because there is a weakness that exists in the online advertising marketplace is that ad networks and publishers don’t subject the advertising that comes to these networks to thorough scrutiny on a safety perspective. This then allows online advertising to become a breeding ground for malware with such things as “malvertising” where scripted ads are used to “push” malware on to users’ systems. This is a topic I have raised because I am wanting to see the rise of a quality online ad marketplace that has the same level of respect as the advertising seen in traditional print media.

A similar situation happens whenever a new album or movie featuring a popular entertainer is released because sites and torrent files would pop up claiming to offer the material for free. To the same extent, this could include offers of “exclusive” photo, audio and video material relating to the content or its performers for free. The same thing also can happen with surveillance, personal-album or similar material that features celebrities in compromising situations and ends up being “leaked” to the public arena. Again these sites and the torrent “file-of-files” available to download would be a minefield of malware files if you aren’t careful.

The situation becomes worse during the time surrounding entertainment-industry awards events, the release of new headline content featuring the celebrities or whenever there are major personal events affecting these people such as new relationships or relationship breakups. The articles cited that people involved with the Hollywood entertainment scene are more likely to be targeted with fly-by-night malware sites, malvertising attempts and similar skulduggery. but I also would place at risk of this treatment the British Royal Family or past and present popular Presidents of the United States.

What can you do?

  • Make sure your regular or mobile computing device is running the latest version of the operating system and you are using the latest version of the Web browser(s) and other software that you surf the Web with. It may also be a good practice to run an up-to-date version of a desktop / endpoint security program which can scan for flaky links and files.
  • Most importantly, think before you click! When you are searching for information about a particular show, recording or star, get it “from the horse’s mouth” – go to the publisher’s or broadcaster’s site that relates to what you are after. Also visit the online presence of the mastheads that you know and trust when you are after the celebrity or entertainment-industry news. Examples of these would be those magazines available at the supermarket checkout
  • But be careful about anyone offering links to resources that are too good to be true, especially where words like “free” and “exclusive” are bandied around. These sites are the ones that are the malware traps.
  • You may find that using tools like search engines or browser plugins that verify Websites’ reputation may be of assistance when it comes to staying away from flaky Websites.
  • As for online advertising with sites that are suddenly popular, be careful about following through on these links or make sure you are using desktop security software to protect your computer against malware.

Conclusion

You can engage in the digital equivalent of browsing the gossip mags safely as long as you are sure of the resources that you are heading towards and don’t fall for the bait.

Web-page advertising needs to adopt a secure-ads strategy

20/08/2014 Data security, Network Lifestyle And Activities No Comments

Article

Beware of Risky Ads on Tumblr | MalwareBytes Unpacked

My Comments

Online ad - to be respected like advertising in printed media

Ads on sites like here need to be secure to obtain the same respect as magazine ads

Most of us who use the Web are making increased use of ad-sponsored Web sites for news, blogs, social media and the like.

In most cases, the banner advertising that appears on these Websites or on advertising-funded mobile-platform apps and is delivered in a tasteful manner provide a similar experience to the display advertising we see, accept and take for granted in newspapers, magazines and other printed media. That is where pop-up or pop-under advertising isn’t used or you don’t hear noisy video commercials playing through. It could be enough to see an animated or slide-show ad appear within the confines of the banner. Here, the advertising doesn’t interrupt the reading experience unlike with TV advertising or online-video advertising where it interrupts the viewing experience.

Such advertising, like the Google AdSense ads you see on this site, is sold on a contract that is based on cost-per-click which the advertiser pays when you click on the ad to follow through with it, or cost-per-impression which is based on simply on the ad being loaded and appearing on the site.

The malvertisement threat

But there is a security problem cropping up here in the form of “malvertisements”. These are online advertisements that are delivered to lead users to Websites that host malware. Typically they use enticing copy and graphics in the advertisements to attract users to view content on these sites and download software of questionable provenance.

Security vendors run a rhetoric that encourages us Web users to use ad-blocking software to keep our computer secure by masking all online advertising. But this can get in the way of honest advertisers and the publications that depend on them for revenue because the software works on an “all or nothing” approach.

But what can the online advertising industry do about this?

If a Website author has control over all of the advertising they admit, they can easily “fence out” malvertisements and distasteful advertising by examining what their potential advertiser is tendering at the start of and through the life of their advertising contract.

But this is not the case for most Websites where they will rely on one or more ad networks like Google AdSense to supply all or the remainder of their ad inventory. These ad networks typically source the advertising themselves and pay publishers a cut for each advertisement that appears or when someone clicks on an advertisement.

Ad networks

Malware sites advertise through these networks on a “pay-per-click-only” contract because it is a “low-risk high-return” option. But the networks could make life harder for them by, for example, vetting the creatives (advertising text, graphics, scripts and links) offered for an ad campaign before accepting them for display and through the life of the campaign. Similarly, they could make it harder to establish or sustain advertising contracts for “fly-by-night” operations like distributing malware such as implementing the ability to break-off ad contracts if the advertiser engages in deceptive conduct or not offering “very-low-risk” advertising options such as “pay-per-click-only” text ads. One way would be to require all ad contracts to be based on the requirement to pay for a particular time length or minimum number of impressions.

Ad networks can also exchange details about advertisers that engage in deceptive business practices so that the advertisers don’t go “shopping around” different ad networks to hawk their wares at the lowest risk. This is similar to a lot of proper business practices where companies are able to exchange details about known credit risks for example.

This could be part of an online advertising code of conduct to protect the validity and legitimacy of the online display advertisement as part of an advertiser’s campaign mix and as a way for Web publishers to raise some income.

Webmasters

Webmasters can work with the ad network’s control panel to reduce the kind of advertising that gets through to their ad spaces. For example, they could opt to keep the advertising that appears to tightly reflect the content and tone of their Website. The Webmaster can also exercise a tight level of control over any advertising they directly sell for their Website such as offering contracts with a minimum level of risk to the advertiser or vetting the creative material tendered by the advertisers.

As well, they can take out security measures over the Website to stop undesireable activity from occurring with their Website. This could include implementing hardened login procedures such as brute-force lockout or two-factor authentication on the critical admin and editor accounts.

Conclusion

Like most online-security issues like Wi-Fi security, it isn’t just up to end-users to do the “heavy-lifting” to keep their Web experience secure. Other stakeholders like advertising networks need to join in the game to keep a secure Web with respected online advertising and avoid exposure to liability.