VB2016 paper: Uncovering the secrets of malvertising

Posted by   Martijn Grooten on   May 10, 2017

In his VB2014 paperBromium researcher Vadim Kotov sketched the possibilities for malicious actors to use web ads to spread exploit kits. Unsurprisingly, malicious actors also spotted those possibilities, and the advertisement ecosystem has become such a big attack surface that many security experts advise the running of ad-blockers to enhance security.

Today, we publish a paper (HTML and PDF) presented at VB2016 in Denver by Malwarebytes researchers Jérôme Segura and Chris Boyd, in which they look at this ecosystem, how it is used, and at what techniques are being utilised to spread malware. (Unfortunately, due to a technical error we are unable to publish the video of their presentation.)

 

malvertisting-fig6.jpg


Those who want to keep up with trends in exploit kits in general, and malvertising in particular, are advised to read Jérôme's posts on the Malwarebytes blog, while those who are interested in the subject of 'advergaming', mentioned in the paper as a possible future trend, should come to VB2017 to see Chris present a paper on this very subject.

Registration for VB2017 is now open - register before 30 June 2017 to qualify for the early bird rate!

twitter.png
fb.png
linkedin.png
googleplus.png
reddit.png

 

Latest posts:

Firefox 59 to make it a lot harder to use data URIs in phishing attacks

Firefox developer Mozilla has announced that, as of version 59 of the browser, many kinds of data URIs, which provide a way to create "domainless web content", will not be rendered in the browser, thus making this trick - used in various phishing…

Standalone product test: FireEye Endpoint

Virus Bulletin ran a standalone test on FireEye's Endpoint Security solution.

VB2017 video: Consequences of bad security in health care

Jelena Milosevic, a nurse with a passion for IT security, is uniquely placed to witness poor security practices in the health care sector, and to fully understand the consequences. Today, we publish the recording of a presentation given by Jelena at…

Vulnerabilities play only a tiny role in the security risks that come with mobile phones

Both bad news (all devices were pwnd) and good news (pwning is increasingly difficult) came from the most recent mobile Pwn2Own competition. But the practical security risks that come with using mobile phones have little to do with vulnerabilities.

VB2017 paper: The (testing) world turned upside down

At VB2017 in Madrid, industry veteran and ESET Senior Research Fellow David Harley presented a paper on the state of security software testing. Today we publish David's paper in both HTML and PDF format.