Tag Archives: ads

Ads: Love or hate?

Ad-injection is an increasingly annoying and dangerous problem

Ad injecting in action on Amazon

Malvertising attacks. Image via Google Security Blog

There are basically two reactions people have when they see ads in their browser. Some think they add interesting content and possibilities, insights and ideas or even, opportunities. The other group considers them as a distraction, an invasion and a disruption to what they were doing.

But most everyone will agree, once you begin something on your laptop or mobile, especially if it’s work-related task, you want to continue what you started. Lots of people get so into what they’re doing that they don’t see or think of anything else, and when an unwelcome ad comes through, it breaks the concentration. Some will say this is a man’s perspective. But even some women I talk to agree; even though they always say they are multitasking and (cough, cough) never lose focus.

When it comes to security, ads are becoming more and more a vehicle for malware. Ad-injecting malware is really a threat nowadays. Once on your device – computer or mobile – the malware will drop new ads into any (or most) sites you visit, sending ad revenue back to remote cybercriminals. For example, malicious porn ads use this type of redirection and clicking techniques.

Research conducted by Google from June to October of 2014 concluded that deceptive ad injection is a significant problem on the web today.  They identified tens of millions of instances of ad injection and detected 5.3 million different IP addresses infected with adware, 5% of the total testing group. The research also found that Superfish, one of the notorious businesses that have ad injection libraries,  was alive and well, not only pre-installed on Lenovo laptops, but breaking SSL protections for any other computer running it in background.

Ways to control unwanted ads in your browser

Inside Avast, we are convinced that adware toolbars and browser add-ons play an important role in the ads market.

Our Browser Cleanup feature detects millions of different adwares that target browsers.

TIP: Run Avast Browser Cleanup on your computer. It has identified more than 60 million different browser add-ons which are often bundled with free software, such as video players, Java and Flash updates.

Besides toolbars and browser add-ons, free software is often bundled with unwanted extra programs making it bloatware and a PUPs vector. Again, all the ad revenue is driven back to the bundles creators. Do we really need to see – and worse, have all that garbage installed in background?

TIP: Slow down when installing free software. Read all the screens and make sure you uncheck any boxes that ask you to install a 3rd party program that you don’t know anything about. You may even consider testing it in the Avast Sandbox first.

Another door for unwanted ads to enter is through outdated software which can be a backdoor for malvertising.

TIP: Keep your browser and software up-to-date. Avast Software Updater can help you keep up with that task.

You could read our blog to learn how to reduce data collection of Windows 10 or to correctly set your Facebook settings. However, there are other measures when it comes to webpages. There are two major ad blockers for browsers: AdBlock and uBlock.

TIP: Visit our user forum to learn and discuss the right ads protection for you. You will find some of our Evangelists that can guide you with easy-to-understand hints.

Follow Avast on Facebook, Twitter, YouTube, and Google+ where we keep you updated on cybersecurity news every day.

Why blocking advertisements matters

What are web advertisements?

One basic premise of an advertisement is that its publisher has an adequate user base to be influential. The advertiser can be trying to get his new product out to the customer. Combine both, put it into the context of modern technology like the WWW, and big new opportunities emerge from the statically dull-looking world of HTMLs.

In most cases, advertisements are delivered through a dedicated server, the ad server. This makes it easy for the publisher to manage. All that needs to be done is to specify where the content is fetched from, the rest is taken care of by the advertising company. The latter is now able to fine-tune ads, for example via copy and design changes, to squeeze out the maximum click and conversion rates possible. Typical options for which ads can be tailored might include:

  • Browser used by the visitor
  • Browser language the visitor has set as default
  • Country, state, city the visitor resides in
  • Operating system the visitor uses
  • Plugins the user has installed (Java, Adobe Flash and Reader, Quicktime and many more)
  • Which page the visitor comes from
  • Screen resolution

This vast potential can take somewhat weird forms. Kogan Technologies, an Australia-based consumer electronics retailer, introduced the “Internet Explorer 7 Tax” which charged online shoppers with an extra 6.8% for using that browser.² Furthermore, Orbitz, an online travel planning website, has chosen to show pricier hotels to Apple Macintosh users.³

Can these ads be malicious?

This also builds the foundation for distributing malicious content. While the method of propagation is the same as with legit ads, content mostly consists of harmful JavaScript snippets. These scripts reload more scripts or simply redirect the visitor to infected web pages without user interaction – meaning: you will not feel a thing until it is too late.

Keeping in mind the options that advertisement agencies have, this opens another door. Phishing sites can be shown in the browser’s native language. Exploits and other malware can be downloaded, depending on the software installed on the victim’s computer. We have seen these types of “malvertising” sites loading malicious code during prime time – directly after the evening news. In the end, it showed that people tend to watch free online movies (often illegally) during prime time rather than during the work day.

Ransomware Screenshot

Localised ransomware

How so, please give me an example?

So, say it’s a ridiculously hot summer. You look for… an anti-perspirant by your favorite sports brand. You feed the search engine with the right terms and find a promising page on Amazon. Of course, the idea of malware striking at this moment does not even cross your mind – why would it? You click the link; bam! Now, your computer might be infected. Seems unrealistic? Too paranoid? Well, it is not.

Some weeks ago, while I was on my couch and browsing the web, this exact thing happened to me. Analyzing the sample and the signature (HTML/Badsrc.I.1) brought me to the conclusion that this definitely was no false alarm. What happened is that the advertising agency Amazon used for this particular page was delivering malicious content (Note that it is not Amazon themselves delivering the malware). The difference, for an Avira user at least, is this:

Amazon page blocked

Blocked malicious advertisement

So, can your computer be infected by browsing legit and trusted websites? Yes!

How can I protect myself?

The example above shows that being careful on the web and visiting only legit and well-known websites does not mean you cannot get infected with malware. Web advertisements have a right to exist, no doubt. Just to be on the safe side, basic malware protection should always be complemented with sophisticated URL detection and ad tracker blocking. Avira Browser Safety gives the security-concerned user just what is necessary to live free. It is able to detect malicious URLs using Avira’s globally distributed URL Cloud but will also keep pesky and harmful online ads away from you. Why not give it a try?

¹ TechChrunch: Internet Ad Spend To Reach $121B In 2014 […]

² Kogan: New Internet Explorer 7 Tax :)

³ The Wall Street Journal: On Orbitz, Mac Users Steered to Pricier Hotels

The post Why blocking advertisements matters appeared first on Avira Blog.