VB2016 preview: Uncovering the Secrets of Malvertising

Posted by   Martijn Grooten on   Sep 7, 2016

Two years ago, at VB2014, Bromium researcher Vadim Kotov presented a paper in which he looked at various possibilities for cybercriminals to leverage ad networks to spread malware. Unfortunately, if somewhat unsurprisingly, Vadim's predictions came true and 'malvertising' has become a huge plague on the Internet in the two years since his talk.

108x148-Chris-Boyd.jpg108x148-Jerome-Segura-bw.jpg

Despite this trend, there are many misconceptions about malvertising, the most prominent of which is the idea that you need to click on an ad to get infected, while in practice, the infection (of a vulnerable device) happens quietly in the background. All the more reason why we are glad to have a paper on the subject at VB2016.

In the paper, Malwarebytes researchers Jérôme Segura and Chris Boyd look at how criminals use legitimate ad networks to have their malicious ads "displayed" on prominent websites, and how these ads then infect the user. They also look at recent trends in malvertising, from "domain shadowing" to the increased use of SSL.

Finally, they take a look at the future of online ads and the ethics and effectiveness of ad-blockers.

 adreminder.jpg

VB2016 starts in four weeks' time and registration is still open. In the meantime, to whet your appetite, here is Vadim Kotov's VB2014 presentation on hacking the ad-network "like a boss":

twitter.png
fb.png
linkedin.png
googleplus.png
reddit.png

 

Latest posts:

Necurs pump-and-dump spam campaign pushes obscure cryptocurrency

A Necurs pump-and-dump spam campaign pushing the lesser known Swisscoin botnet is mostly background noise for the Internet.

Alleged author of creepy FruitFly macOS malware arrested

A 28-year old man from Ohio has been arrested on suspicion of having created the mysterious FruitFly malware that targeted macOS and used it to spy on its victims.

The threat and security product landscape in 2017

At the start of the new year, Virus Bulletin looks back at the threats seen in the 2017 and at the security products that are available to help mitigate them.

Spamhaus report shows many botnet controllers look a lot like legitimate servers

Spamhaus's annual report on botnet activity shows that botherders tend to use popular, legitimate hosting providers, domain registrars and top-level domains when setting up command-and-control servers.

Tips on researching tech support scams

As tech support scammers continue to target the computer illiterate through cold calling, VB's Martijn Grooten uses his own experience to share some advice on how to investigate such scams.