Optimized mal-ops. Hack the ad network like a boss

Thursday 25 September 10:00 - 10:30, Red room.

Rahul Kashyap, Bromium
Vadim Kotov, Bromium

   This paper is available online (HTML, PDF).


A significant part of the web economy is web advertising. Banner networks are present on the majority of popular websites, such as YouTube, Facebook and the New York Times. In other words, by visiting a website we implicitly allow a number of third-party JavaScript and Flash programs to execute in our browsers, and this raises some huge security concerns.

In this research we address the problem of leveraging ad networks to spread malicious programs, also known as malvertising. Yes, it's 2014, and our investigation determines that this abuse is still rampant. It puts a significantly large population at risk.

In this talk we start with the live capture of malware that we uncovered on YouTube. We then talk about the possibilities and perils that lie ahead. Our goals are to determine how web advertising could be exploited to spread malware, the chances of malicious banners being detected by security crawlers, and how malicious banners can bypass anti-malware checks and stay undetected.

We try to estimate how vulnerable the somewhat 'opaque' ad-networking industry is, and what countermeasures could be applied to lower the severity of the threats it poses.


Rahul Kashyap


Rahul Kashyap is Chief Security Architect, Head of Security Research at Bromium. At Bromium he is responsible for product security, R&D, Bromium Labs and industry outreach. Rahul has written several security research papers, blogs, journals and articles that are frequently quoted. Before joining Bromium, he led the worldwide Vulnerability Research teams at McAfee Labs, a wholly owned subsidiary of Intel. He has architected several cyber defence technologies on exploit prevention and mitigation for host and network security technologies.

Vadim Kotov


Vadim Kotov is a security researcher working with Bromium Labs. He has extensive experience in the areas of reverse engineering, malware analysis and machine learning. In 2012, Vadim was a member of the security research group at the University of Trento (Italy). Vadim graduated from USATU (Russia) with a Bachelor's degree from the computer security and doctorate program. His research work has been published at events such as ESSoS and USENIX CSET. He is also an active blogger on the Bromium Labs 'Call of the Wild' blog.


