Ad formats & how they can be corrupted: #2 Banners

What is a banner?

A banner ad, also known as a display banner, is an online advertising format that is typically a designed visual or an image accompanied by text or a call to action. When an end user clicks on the banner he is redirected to a landing page for the advertiser’s offer.

Why do cybercriminals target this format

Cybercriminals seek to take advantage of both display advertising and related ad landing pages to distribute multiple forms of malicious content, by leveraging the ad ecosystem to their advantage. The ad industry is a complex and powerful machine and with the growth of programmatic advertising, where the buying and selling of advertising is carried out automatically in real time, this can lead to a loss of control of the security of ads being served by ad exchanges and ad networks. The rise of programmatic advertising is helping to fuel the robust growth in malvertising. By replacing human decision making for the purchasing and placement of advertising with software in a machine to machine ecosystem, there are new opportunities for criminals to exploit display advertising to distribute malware and hide malicious code within a banner ad.

The banner is still one of the most used ad formats and because of its sheer global volume, the reach and exposure cybercriminals can achieve once they get a banner containing their malicious code to slip through the net, can be huge.

How do they do it?

Some of the most common ways criminals spread malicious banners include:

  • Malicious code hidden within the ad creative, which is enabled only once the campaign has been approved by an ad platform.
  • By compromising trustworthy and legitimate advertiser accounts on ad platforms.
  • The creation of fake identities (skype, linkedin…) in order to mislead someone in the ad chain.
  • Targeting high profile publishers rather than multiple low profile ones to maximize their exposure with a single rogue campaign.
  • Taking advantage of the naivety of end users, who mistakenly often think they need to actually click on a malicious ad to get infected

What examples has AdSecure seen of malicious advertising using this format?

Nowadays, the most common violations with banners are auto-redirects: when an infected ad is effectively being displayed on a publisher’s website, it can get to a point where the iframe will take over control of the website and redirect the visitors to malicious landing pages (containing social engineering content, or even worse, exploit kits).  

Additionally, banner ads can show inappropriate content, for example, a banner containing adult material being displayed on mainstream or even children’s websites, or the image and text of a banner ad that has been designed to mimic genuine warning alerts generated by computer security software.

What is the solution?

AdSecure helps ad platforms and publishers regain control and confidence by offering an ad quality solution capable of scanning, analyzing and detecting malicious and non-compliant ads and their related landing pages.

If you would like to find out more about incorporating AdSecure into your business, please visit our contact page for more information.

Recommended Posts