E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by Bennett Gold LLP, Chartered Accountants

Effective December 31, 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering articles from the period 1999 to 2012.


Source: MercuryNews.com

Posted on May 16, 2012

One of the sneakiest scams among cybercrooks these days involves malicious advertisements that can infect a computer with nasty software even if a person merely happens onto a website where the ads appear and doesn't click on them.

The sinister ad software, called "malvertisements," which can steal bank account passwords, disable computers or cause other mischief, have claimed millions of victims. And some experts fear worse problems may be ahead.

"What we are seeing today is the canary in the mine," said Craig Spiezle, executive director of the nonprofit Online Trust Alliance, which seeks to bolster consumer confidence in cyberspace. "It's an early warning and if we don't do more to secure the ad infrastructure, we run the risk of having much broader distribution of malware than we have today."

Experts say that could motivate more and more people to install ad-blocking software, which would cut into the ad revenue websites depend on and force their publishers to charge visitors a fee, limiting public access to the Internet.

"We're used to things being generally free," said Fran Rosch, vice president of identity and authentication services for Mountain View security and data-management company Symantec. However, he added, "if the model of advertising gets broken down because of this, we would have to start paying for a lot of content."

It's difficult to gauge the prevalence of malvertisements, largely because many website publishers aren't aware of them, security specialists say. That's also true of the business networks that provide legitimate Internet ads, said Matt Huang of Armorize Technologies, which scans the Internet for malware. Even when crooks secretly take control of the networks' servers, he said, they make their malvertisements hard to detect by only disseminating them occasionally.

Nonetheless, evidence suggests the problem is widespread and growing.

Dasient, a security firm recently bought by Twitter, last year reported that the number of daily malvertisements on websites doubled from 1.5 million during the third quarter of 2010 to 3 million in the fourth quarter. And in a recent analysis, security company RiskIQ said the tainted ads increased nearly tenfold from May 2010 to May 2011.

Using deceptive advertising from 2007 through 2011, an Eastern European gang infected more than 4 million computers, including 500,000 in the United States, according to federal charges filed in New York in November. Among other problems, the ads allegedly prevented victims from getting security updates, leaving their computers vulnerable to other viruses.

In June, a federal indictment in Minnesota charged two Latvians with a malvertising scheme that caused computer users "slow system performance, unwanted pop-ups and total system failure." The infected computers then displayed messages prompting their owners to buy antivirus products from the culprits, who allegedly netted $2 million from the caper.

In the past, a person had to click on a malvertisement for it to compromise their computer. But crooks increasingly are using "drive-by" ads that automatically infect a PC when a person just visits a site where the ad appears.

Chris Larsen, of Sunnyvale Web-security firm Blue Coat Systems, said malvertisements often search computers for bank account and other information that crooks can steal or sell to other criminals.

Businesses are harmed, too.

In the New York case, prosecutors said crooks stole millions of dollars in ad commissions from websites by replacing the sites' ads "with substituted advertisements that triggered payments to the defendants."

The reputations of website operators also can be badly damaged if their ads are suspected of being malicious, said Robert Hoblit, Symantec's director of product management. But figuring out which ad infected a computer can be complicated, he added, noting that every ad on a site may have to be taken down and checked, which can be costly.

Even if a consumer thinks he or she was victimized on a particular site, it's hard to know for sure, said Elias Manousos of RiskIQ. With malicious ads everywhere these days, he said, "it's like trying to figure out who gave you a cold."

CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

Final Entries

LINK TO: Bennett Gold Chartered Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Privacy Breaches.

Get WebTrust
Working For
Your Site.