Malware menaces poison ads as Google, Yahoo! look away
Booming attack vector offers mass malware distribution, stealthy targeting
Experts recommend users run advertising or script blockers to prevent random redirection from malvertising. "Advertisers are really going to hate to hear this but blocking advertising for user protection is a really effective way of blocking malvertising," Schultz says.
Users can use script blockers or ad blockers to reduce their exposure. This reporter has anecdotal evidence that many in the industry run the likes of Ad-Block for security purposes. The scourge is so bad that Cisco's Schultz and the rest of the TALOS team recommend the blockers as a security measure. Schultz personally recommends Request Policy for Firefox users.
For Spiezle, advertising networks need to introduce a kind of fast-track ciricuit breaker system akin to the US' Trusted Traveller for air travel where indicators that reveal advertiser's identity are used to establish trust. These trusted advertisers would be known suppliers of legitimate advertisements and such would enjoy the current speed and flexibility of the ad marketplace. "Those who are not known, the company might have a new gmail and IP address, would be subject manual review.
He says trusted advertisers could still be used to foist malvertisements by insiders, but those threats are miniscule compared to the current threat. A continual rise in ad blocking adoption, which increased by 82 percent last year in the UK to include 12 million users, could be the prompting ad networks need to invest and change their business models, he says.
"I implore the advertising industry to work with us. Demonstrate that you are making sincere efforts to fight malvertising and work with the broader security community."
Bootnote The advertising systems that Google and the like have built are sophisticated systems that enable advertisements to be so dynamic that they target specific users on the sites they visit and for the things they buy, bringing what remains an advertising revenue trickle from the then golden age of print.
Therefore the need to block advertisements in the name of security is in your correspondent’s loaded and conflicted opinion (I run script blockers myself) an unfortunate solution to the growing scourge of malvertising. Ads on websites and mobile apps are like those on free-to-air television important alternatives for consumers who cannot or do not wish to pay access fees for quality content. Blocking that source of revenue as a permanent solution only throws fuel on the already raging fire.