Ad formats & how they can be corrupted: #2 Banners

What is a banner?

A banner ad, also known as a display banner, is an online advertising format that is typically a designed visual or an image accompanied by text or a call to action. When an end user clicks on the banner he is redirected to a landing page for the advertiser’s offer.

Why do cybercriminals target this format?

Cybercriminals seek to take advantage of both display advertising and related ad landing pages to distribute multiple forms of malicious content, by leveraging the ad ecosystem to their advantage. The ad industry is a complex and powerful machine and with the growth of programmatic advertising, where the buying and selling of advertising is carried out automatically in real time, this can lead to a loss of control of the security of ads being served by ad exchanges and ad networks. The rise of programmatic advertising is helping to fuel the robust growth in malvertising. By replacing human decision making for the purchasing and placement of advertising with software in a machine to machine ecosystem, there are new opportunities for criminals to exploit display advertising to distribute malware and hide malicious code within a banner ad.

The banner is still one of the most used ad formats, and because of its sheer global volume, the reach and exposure cybercriminals can achieve once a banner containing their malicious code slips through the net can be huge.

How do they do it?

Some of the most common ways criminals spread malicious banners include:

  • Malicious code hidden within the ad creative, which is enabled only once the campaign has been approved by an ad platform.
  • By compromising trustworthy and legitimate advertiser accounts on ad platforms.
  • The creation of fake identities (Skype, LinkedIn…) in order to mislead someone in the ad chain.
  • Targeting high profile publishers rather than multiple low profile ones to maximize their exposure with a single rogue campaign.
  • Taking advantage of the naivety of end users, who often mistakenly think they need to actually click on a malicious ad to get infected.

What examples has AdSecure seen of malicious advertising using this format?

Nowadays, the most common violations with banners are auto-redirects: when an infected ad is effectively being displayed on a publisher’s website, it can get to a point where the iframe will take over control of the website and redirect the visitors to malicious landing pages (containing social engineering content, or even worse, exploit kits).  

Additionally, banner ads can show inappropriate content, for example, a banner containing adult material being displayed on mainstream or even children’s websites, or the image and text of a banner ad that has been designed to mimic genuine warning alerts generated by computer security software.

What is the solution?

AdSecure helps ad platforms and publishers regain control and confidence by offering an ad quality solution capable of scanning, analyzing and detecting malicious and non-compliant ads and their related landing pages.

If you would like to find out more about incorporating AdSecure into your business, please visit our contact page for more information.

AdSecure expands mobile carrier coverage to Australia


AdSecure is excited to announce that, in addition to standard and residential IPs, we now also provide mobile carrier coverage for Australia.

As of today, the following providers are available for our clients who want to check their mobile offers running in Australia:

  • Optus
  • Telstra
  • Vodafone

If you would like to find out more about incorporating AdSecure into your business, please visit https://www.adsecure.com/contact/ for more information.

AdSecure is exhibiting at Dmexco 2018

Dublin, 27 August 2018. AdSecure, the all in one anti-malvertising solution and ad verification tool used by ad networks and publishers, today announced that it is exhibiting at Dmexco, one of the world’s leading digital marketing events.

The AdSecure team will be explaining to Dmexco attendees the benefits of protecting their ad platforms and websites from malvertising and non-compliant ads with AdSecure.  

AdSecure is a fully automated platform that uses crawler technology to scan ad tags, smart links, landing pages and programmatic RTB campaigns. Scans can be performed with 3 different types of IPs: Datacenter, Residential and Mobile Carrier. AdSecure clients are immediately alerted to any suspicious activity via instant email notifications and callback URLs. The platform is fully automated and provides powerful API integration using GraphQL technology.

Mathieu Derval, Product Manager at AdSecure commented, “We are very excited to be at Dmexco to showcase our latest platform features. Additionally we will be offering an exclusive 10% discount until the end of 2018 for ad serving platforms and publishers that sign up to AdSecure at our Dmexco booth.”

AdSecure’s booth is located in Hall 7.1 #B064. Dmexco is held 12 – 13 September at Koelnmesse, Cologne.

For further press information contact: press@adsecure.com

One step further towards a better encrypted internet: HTTPS vs HTTP

With its latest release of version 68, the Chrome browser is now labelling as “Not Secure” all HTTP (unencrypted) websites.

On its security blog, Google explains:

“For the past several years, we’ve moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption. And within the last year, we’ve also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as “Not Secure””

The Chrome 68 omnibox will now show the “Not Secure” label for all HTTP pages, instead of the small “i” icon. This label will not only highlight the unsecured nature of the HTTP pages but will also push publishers to move over to HTTPS from HTTP.

To help drive adoption of a more secure internet, AdSecure is adding a new detection feature on its platform: “SSL non-compliant”. This new feature will help ad platforms and publishers detect HTTPS banner tags that load HTTP resources and so generate mixed content errors on the publishers’ websites. Such a problem can cause information leakage, hence the importance of monitoring ad tags.

Here are the different elements AdSecure checks when analyzing the banner tags for SSL compliance:

  • Ensuring that the SSL and certificate version match
  • Flagging suspicious certificates: expired, revoked, untrusted (based on CA), self-signed
  • Checking mixed-content for externally loaded resources (scripts, css, img, etc…)
  • Detecting invalid CAs
  • Verifying protocol and cipher strength to reduce the risk of information leakage
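The mixed-content item in the list above can be checked statically against a banner tag's markup. The following is an added example, not AdSecure's code; the function names and the sample tag are constructed for illustration, and it only sees resources declared in the markup, not ones a script loads at run time.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# element -> (attribute that triggers a fetch, mixed-content class).
# "active" resources can script or restyle the page; "passive" ones only render.
FETCH_RULES = {
    "script": ("src", "active"),
    "iframe": ("src", "active"),
    "link": ("href", "active"),
    "embed": ("src", "active"),
    "object": ("data", "active"),
    "img": ("src", "passive"),
    "audio": ("src", "passive"),
    "video": ("src", "passive"),
    "source": ("src", "passive"),
}


class _TagScanner(HTMLParser):
    """Records every subresource that would be fetched over plain HTTP."""

    def __init__(self, page_url):
        super().__init__(convert_charrefs=True)
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        rule = FETCH_RULES.get(tag)
        if rule is None:
            return  # e.g. <a href>: a navigation, not a subresource
        attr_name, kind = rule
        attrs = dict(attrs)
        # Only stylesheet links are treated as fetched subresources here.
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower().split():
            return
        raw = attrs.get(attr_name)
        if not raw:
            return
        # Resolve relative and protocol-relative URLs against the HTTPS page.
        resolved = urljoin(self.page_url, raw.strip())
        if urlsplit(resolved).scheme == "http":
            self.findings.append({"tag": tag, "url": resolved, "kind": kind})


def find_mixed_content(tag_html, page_url):
    """Return the HTTP subresources a banner tag would load on an HTTPS page."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only exists when the embedding page is HTTPS
    scanner = _TagScanner(page_url)
    scanner.feed(tag_html)
    scanner.close()
    return scanner.findings


# Constructed sample banner tag (not taken from a real campaign).
SAMPLE_TAG = """
<div class="ad-slot">
  <script src="https://cdn.ads.example/loader.js"></script>
  <script src="http://static.ads.example/track.js"></script>
  <img src="//img.ads.example/banner.png" alt="offer">
  <img src="http://img.ads.example/pixel.gif" width="1" height="1">
  <link rel="stylesheet" href="http://static.ads.example/ad.css">
  <a href="http://landing.example/offer">Click here</a>
</div>
"""

if __name__ == "__main__":
    for finding in find_mixed_content(SAMPLE_TAG, "https://publisher.example/article"):
        print(f'{finding["kind"]:8} <{finding["tag"]}> {finding["url"]}')
```

The protocol-relative image inherits the page's HTTPS scheme and is not reported, and the plain-HTTP click-through link is a navigation rather than mixed content.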

AdSecure provides next-gen defenses that protect publishers and ad platforms against a wide range of attacks. To test how AdSecure can help your organization detect, investigate and respond to advanced malvertising attacks, sign up for a free trial.

AdSecure adds the detection of the auto-redirect to its arsenal

25 July 2018. AdSecure, the ad verification tool used by ad networks, ad operations teams and publishers, today announced that it has added the detection of the auto-redirect to its arsenal. The auto-redirect is considered to be an annoying format and is also widely used by cybercriminals for distributing malicious advertising.

Once a user is exposed to an auto-redirect, the format takes over his browser and redirects him to another web page; this all happens with no interaction by the user. One example of how auto-redirects are delivered to the user is through a malicious banner ad. Even if the banner is only displayed and the user has not clicked on it, it will still redirect the visitor to another webpage. The banner usually contains JavaScript, and the redirected webpage is then used as a vehicle for some form of affiliate fraud or malware. Some auto-redirect scams go as far as hijacking the browser back button or even trapping the user with a pop-up notification to prevent him from returning to the original site he was viewing.

This intrusive technique affects desktop, mobile and tablet. Mobiles are particularly affected by auto-redirects on both Android and iOS.
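Because the auto-redirect described above is script inside the ad iframe navigating the top-level page, a publisher can audit which ad iframes its own markup restricts with the HTML `sandbox` attribute. This is an added example, not AdSecure's detection code; the function names, verdict labels and sample page are constructed for illustration.

```python
from html.parser import HTMLParser


class _IframeCollector(HTMLParser):
    """Collects the attributes of every <iframe> in a publisher page."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            # A bare attribute such as `sandbox` arrives with value None.
            self.iframes.append(dict(attrs))


def classify_top_navigation(attrs):
    """Say whether the page's markup lets this frame navigate the top window."""
    if "sandbox" not in attrs:
        return "not restricted", "no sandbox attribute on the iframe"
    tokens = set((attrs["sandbox"] or "").lower().split())
    if "allow-top-navigation" in tokens:
        return "not restricted", "sandbox grants allow-top-navigation"
    if "allow-top-navigation-by-user-activation" in tokens:
        return "click-only", "top navigation requires a user gesture"
    return "blocked", "sandbox without any top-navigation token"


def audit_ad_iframes(page_html):
    """Return one verdict per iframe, in document order."""
    collector = _IframeCollector()
    collector.feed(page_html)
    collector.close()
    report = []
    for attrs in collector.iframes:
        verdict, reason = classify_top_navigation(attrs)
        report.append({"src": attrs.get("src") or "", "verdict": verdict, "reason": reason})
    return report


# Constructed publisher page with four ad slots (hosts are placeholders).
SAMPLE_PAGE = """
<iframe src="https://ads.example/slot1"></iframe>
<iframe src="https://ads.example/slot2" sandbox="allow-scripts allow-popups"></iframe>
<iframe src="https://ads.example/slot3"
        sandbox="allow-scripts allow-top-navigation-by-user-activation"></iframe>
<iframe src="https://ads.example/slot4" sandbox="allow-scripts allow-top-navigation"></iframe>
"""

if __name__ == "__main__":
    for row in audit_ad_iframes(SAMPLE_PAGE):
        print(f'{row["verdict"]:15} {row["src"]}  ({row["reason"]})')
```

A `blocked` verdict covers top-level navigation only; pop-ups opened by the frame are governed separately by `allow-popups`.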

AdSecure’s Product Manager Mat Derval commented, “These malicious auto-redirect ads used to only affect junk websites, but recently auto-redirects have been placed on reputable websites including The New York Times amongst others. AdSecure’s team and our technology has enabled us to quickly develop and get to market the software needed to detect this malicious ad format. Ad platforms and publishers that use AdSecure’s all in one malware detection package benefit from keeping their users safe from being exposed to malicious ad formats.”


For further press information contact:

press@adsecure.com

Ad formats & how they can be corrupted: #1 Popunders

In this three part series we look at popular ad formats that can be corrupted with Malware. In part one we look at Popunders.

What is a Popunder?

A Popunder is a large format full screen online advertisement. It is displayed by opening a new browser window after an interaction from the user with a website (e.g. click), usually via some sort of JavaScript. The new window opens behind the one that is currently being viewed by the user. It does not interrupt the user experience. When the user closes the page he is viewing, the Popunder remains for the user to see.

Why do cybercriminals target this format?

Because Popunders usually remain unnoticed until the active browser window is closed or minimized, the user may not notice the advertisement/malvertisement for a while. An ad network’s compliance team’s approval process for Popunders is usually less strict than for other ad formats, because ad networks offering this format tend to be more flexible; for example, this format is not available on Google.

How do they do it?

The cybercriminal will submit a ‘clean’ Popunder to an ad network during the review process. Once approved the cybercriminal can then inject malware script into the Popunder. Many cybercriminals will inject the malicious code for a limited time to avoid detection of the Popunder’s content change.

What examples has AdSecure seen of malicious advertising using this format?

Our system has detected the following malicious advertising on Popunders:

  • Malicious/Phishing URLs
  • Malware downloads (including ransomware)
  • Crypto-jacking
  • Scareware
  • Browser Lockers

AdSecure’s advanced crawler technology can detect changes in a Popunder’s content that is injected with Malware. Contact us to find out how we can protect your users and keep your advertising safe.

The Importance Of a Secure Ad Platform

Online advertising is a booming industry with over 204 billion dollars spent on advertising worldwide in 2017. Countless websites use advertisements to pump up their earning power and recommend useful products and services to their visitors. But many website owners fail to consider the security of their ads, leaving consumers open to risk. Here’s what you need to know to keep your ad platform secure.

What is a Secure Ad Platform?

As a consumer, how many times have you been surfing the internet, reading a news article, or making a purchase when an ad blocks your view? Often, malware ads pop up and refuse to go away, forcing you to close your browser or app to get rid of them.

As Fast Company reported in early 2018, these malware ads negatively influence the consumer experience. In fact, even big-name websites like The New York Times and The Atlantic have fallen victim to malware ads that hinder users’ ability to read and interact with articles.

The bad news is, although these ads may appear to be publisher-run material, it’s difficult for sites to find the source and remove them. As top-tier publishers are finding out, a secure ad platform is crucial for both consumer trust and a dependable income stream.

Consider the fact that malicious auto-redirect ads have cost publishers and marketers over $1 billion, according to Fast Company’s expert. Smaller businesses stand to lose a proportionate amount of their income as well if malware continues to dominate the internet.

In contrast with the spammy pop-up ads that many users run into, a secure ad platform maintains only legitimate and scam-free advertisements. This protects your audience and your reputation as a business or website owner.

A secure platform can also notify website owners of potential problems. Scanners and subsequent reports inform you when ads and landing pages are out of compliance with your specifications so that you can avoid exploit-kit based and other attacks.

Even if you don’t have secure ad software to do the work for you, there are still steps you can take to recognize and mitigate security risks.

Security Red Flags to Watch For

Filtering out legitimate versus malware ads without software involves thoroughly checking your website and files for signs of “infection.” From viruses to Trojan software, there’s a lot that can hide in advertisements.

Code Changes

On the back end of your website, keeping an eye out for unauthorized code changes can help you catch malware before it wreaks havoc. Often, spam ads “hack” into your website’s code and cause annoying and potentially viral popup ads.

Unfortunately, because these malware ads are attempting to go unnoticed, they can be hard to identify. However, some programs scan your code and automatically make backup files. You can do this manually, too, with a bit of general coding knowledge.

Sluggish Site Behavior

While you may be more concerned with what’s happening behind the scenes on your website, it helps to visit your website the way your audience does. This way, you can gauge your site’s loading speed. The longer it takes to load, the more likely there’s a problem with your ad platform.

Visiting your website from the front end will also show you any malware that’s currently active. If you experience popup ads when you load your site, you’ll know you need to take a closer look at the administrative end.

How to Stay Secure with Ads

While it can be hard to get rid of malware ads once they infiltrate your site, some simple preventative measures can help avoid them in the first place. Here are a few ways to stay secure with ads.

Use Secure Hosting

Depending on your business model, you may look for the least expensive hosting option available. But according to InfoWorld, hackers tend to target shared hosting servers. Because shared Web hosting servers host multiple domains, their information stores give hackers tons of information for phishing.

The alternative to shared server hosting is dedicated hosting, which often costs more but allows you more control over your server. You can also add extra security precautions that prevent hackers from readily accessing your information.

Run Malware Checks

Scanning your ad tags and landing pages for any issues can help identify malware before it takes over your website. You can also run checks from more than one browser, device, or location to ensure that everything is running smoothly.

Keep Things Simple

Overall, the more features on your website, the more likely you will fall victim to security breaches. That’s because complex code can hide malware codes more effectively, meaning you may not notice a website malfunction until a user reports it. At that point, you may have lost revenue already.

Trimming down the features on your website can help reduce your odds of falling victim to hacking, but that doesn’t mean you have to forgo interactive features that your customers will find useful.

PixelPrivacy.com is all about making the world of online security accessible to everyone. Check out Pixel Privacy’s blog if you’re interested in keeping your private information just that: Private!

AdSecure’s platform is the intelligent defense against malvertising. If you are a publisher or an ad network our software will alert you when malware is being served on your website or network and keep all of your advertising safe. Contact us for a free trial.

Malvertising and Ransomware

Six questions about ransomware and malvertising with AdSecure’s Product Manager Mathieu Derval.

What role does phishing play in ransomware attacks?

Phishing is probably one of the most popular social engineering types of attack. The objective is to trick someone into clicking on a link contained within a message that looks like it comes from a well-known/genuine company (often including a copycat logo); the user is then tricked either into giving up sensitive information (login, password or other) through a fake online form which seems to be legit or, in other cases, into downloading infected files that execute as soon as the user opens them, encrypting their data and asking for a ransom.

From an ad verification solution point of view, phishing is indeed an important vector of ransomware spreading. Malvertising campaigns are crafted by cybercriminals to lure victims to click on ads or links in websites that will redirect them to other websites hosting exploit kits designed to use vulnerabilities in web browsers or plugins on the visitor’s computers to install and execute ransomware.

How serious a threat is ransomware?

Apart from traditional spam distribution, ad networks and publishers may often act unwittingly as intermediaries, targeting thousands or even millions of potential victims. The standard way for attackers to spread malware is to disguise their ads and hide them in the latest multimedia software, free antivirus or even security utilities, when in reality these are malicious products. These kinds of ads are often designed to cause shock or anxiety and entice visitors to click on them. The second way, commonly known as a drive-by attack, is when visitors go to websites that happen to have malicious ads placed upon them. A script hidden in an infected ad will run in the background and look for vulnerabilities on the user’s computer so it can quietly download and execute a malicious application such as ransomware.

What are the best ways to prevent a ransomware attack?

– Do not open any emails from untrusted sources.

– Update your browser to the latest available version – Some malvertising attacks exploit security holes directly in the browsers.

– Keep your plugins updated and disable or uninstall the ones you don’t frequently use, including Java.

– Patch your operating system – Install security updates and update your operating system every time a patch comes around to reduce your exposure to zero-day based attacks.

– Get a good anti-virus/anti-malware – Run regular scans of your computer and make sure it is always updated.

– When using your mobile, only install apps from original app stores and try to run background checks before installing any suspicious apps.

– Ad platforms and publishers have to constantly monitor their ads with an ad verification tool, especially after the campaigns are live, since attackers can enable the malicious payload only once the ad has been approved by the ad network. This is where solutions like AdSecure come into play: by allowing ad platforms and publishers to automate scanning of their offers or ad zones at regular intervals from multiple locations and devices. As soon as any abnormal behavior is detected, an email notification is immediately sent to the ad platform/publisher, giving them access to a comprehensive report containing the entire ad redirect chain and creative sources.

How can an active ransomware attack be contained?

For the ad platforms, the challenge lies in being capable of detecting and identifying the malicious campaign while it is active (which usually varies between a few hours and a couple of days so that criminals can try to ensure that it remains undetected). For this reason ad platforms need to monitor and scan the offers running on their network continuously to be able to stop the propagation as soon as possible.

Does it ever make sense to pay a ransom?

This criminal business model has proven to be very lucrative given the vast and varied potential of victims. Law enforcement officials discourage victims from paying ransoms; there is no guarantee whatsoever that your files will be accessible again after you pay the ransom. Yet, many will come down to paying those ransoms in the hope of getting their files back. This decision should be the last resort, in case all other alternatives have failed (no offline backup available to recover the encrypted files or no free decryption tool available). As long as individuals and organizations continue to pay ransoms, we can’t expect to see this criminal scheme disappear.

How is ransomware likely to evolve over the next few years?

Even if during the last few months Crypto-Mining attacks have been center stage and cybercriminals are increasingly embracing this new form of making money from the internet, Ransomware attacks will probably continue to increase and to evolve in the next years: the threat landscape will see more and more well organized and well-funded groups that will employ technical tools or software vulnerabilities, such as the exploit EternalBlue used with the Wannacry attack in May 2017, but also social engineering skills to access computer systems and networks. At the same time, we can expect Ransomware-as-a-service to become more accessible; cybercriminals will expand their targets to not only financial objectives but also political and strategic interests, with intent to cause damage and not only extortion.

AdSecure provides next-gen defenses that protect publishers and ad platforms against a wide range of attacks in real-time including cryptojacking. To test how AdSecure can help your organization detect, investigate, and respond to advanced malvertising attacks, sign up for a free trial.

The increasing threat of cryptocurrency miners [Part 1]

Cryptojacking, the practice of exploiting a computer’s processing power to mine cryptocurrencies without the owner’s consent or knowledge, appears to be the new Eldorado for cybercriminals after its popularity exploded last autumn.

The idea of in-browser mining started in the early days of Bitcoin, in May 2011 to be precise, when an innovative service known as BitcoinPlus.com was launched. At that time mining Bitcoin was still cheap and easy. This service integration was very similar to the Coinhive one, currently the most popular library since its launch in September 2017; it consisted of a piece of JavaScript code that site owners would embed into their pages to make visitors mine for them, in exchange for a small percentage fee for using that service. As Bitcoin became more and more popular worldwide, it became harder and harder to mine for cryptocurrencies on home-grade hardware. With the arrival and democratization of ASIC chips in 2013, the era when you could mine Bitcoin on personal computers came to an end. Yet, with the introduction of alternative coins like Monero in 2014 (which purportedly offers increased privacy by obfuscating the participants in a transaction, as well as the amounts), the idea of mining on regular laptops and desktop computers was revived.

Fast forward to 2017, and the cryptocurrency industry has changed drastically: the diversity of altcoins available (more than 1,000), a total market capitalization that skyrocketed to more than $150 billion, and the revival of in-browser mining through services like Coinhive, JSEcoin, Cryptoloot and similar copycats have certainly provoked cybercriminal interest.

From the original idea of providing a monetization alternative to regular display ads for webmasters, to the usage we see today, we will review in this post a few examples of deceitful and malicious implementation that have been uncovered during the last few months:

Coinhive & co:

As mentioned above, one of the most popular tools among cryptojackers is a JavaScript library called Coinhive, which can start mining the cryptocurrency Monero when a webpage has loaded. Many websites, like The Pirate Bay for example, quickly incorporated it to generate additional revenue, but without asking users’ permission. In December, AdGuard released a study where they exposed four of the most popular streaming and video-conversion websites (Openload, Streamango.com, Rapidvideo.com, OnlineVideoConverter.com). According to SimilarWeb, these four sites register 992 million visits monthly, which could generate monthly earnings of more than $320,000, and this without user consent or awareness.

Soon enough, hackers found ways to inject such scripts into high-traffic websites like Showtime, the LA Times, PolitiFact and even YouTube (by hijacking advertisements from the DoubleClick platform) and they started mining cryptocurrencies for themselves without the publishers’ or users’ knowledge or consent. Nevertheless, publishers were not the only ones getting hacked; at the end of October, an unknown hacker managed to hijack Coinhive’s CloudFlare account, which allowed him to modify its DNS servers and replace Coinhive’s official JavaScript code embedded into thousands of websites with a malicious version.

WordPress:

It comes as no surprise that WordPress websites would be among the platforms to become a victim of cryptojacking. According to security researcher Troy Mursch from Bad Packets Report, there were around 30,000 WordPress sites infected with cryptomining scripts in November 2017, and this number has been steadily growing to reach more than 50,000 in March 2018. This figure includes WordPress websites where mining scripts are quietly running in the background: for some, the integration would have been done by the publisher himself; the rest are either compromised or have been hijacked by plugins, such as “Animated Weather Widget by weatherfor.us”, that sneakily inject mining scripts to generate money by extorting users’ computer resources, needless to say without the publishers’ knowledge.

Browser extensions:

Cryptojacking is not limited to websites; browser extensions have also been caught mining cryptocurrency on thousands of computers. For example, “Archive Poster,” a browser extension designed to help Tumblr users perform various tasks, remained on the Chrome Web Store for days while silently cryptojacking an unknown portion of its 100,000+ users. After multiple user reports, followed by multiple media covering the issue, the extension was removed.

Public Wi-Fi:

In another example, which took place in December at a Buenos Aires Starbucks, a customer using the public wi-fi discovered that someone had manipulated the wi-fi system, delaying the connection in order to mine Monero with shoppers’ devices. CoffeeMiner uses a man-in-the-middle (MITM) attack to hijack users connecting to wi-fi hotspots and inject mining code into all HTML pages requested by those users.

We’ll cover in the second part of this blog post, some more cases describing how cryptojacking has quickly become a favorite revenue stream for cybercriminals.


Meet with AdSecure at MWC 2018

Mobile World Congress is the world’s largest gathering for the mobile industry, organised by the GSMA and held in the Mobile World Capital, Barcelona, 26 February – 1 March 2018.

AdSecure is attending the Mobile World Congress on the 27th and 28th of February 2018.

AdSecure’s latest platform feature scans for Google compliance

AdSecure, the ad verification tool used by ad networks, ad operations teams and publishers, today announced that it has updated its scanning technology to recognise and flag advertisements that are not compliant with Google’s Abusive Experience Report. AdSecure’s latest platform feature uses state-of-the-art image recognition technology, machine learning and AI to recognise all ad formats and creatives that Google considers to be abusive and therefore non-compliant.  

According to Google’s Abusive Experience Report the following ads are specifically designed to mislead users and are therefore non-compliant:

  • Auto-redirect the page without action from the user.
  • Take the user to an ad landing page or other content when they click anywhere outside of the user-visible border of the element.
  • Resemble system or site warnings or error messages.
  • Simulate messages, dialog boxes or request notifications.
  • Depict features which do not work.
  • Display a “close” button that does anything other than closing the element when clicked.
  • Imitate Antivirus Alerts

Source: https://support.google.com/webtools/answer/7347327

Source: https://blog.chromium.org/

Google states that from 15th February, publishers that feature any of the aforementioned abusive ad experiences will receive a violation notification. The publisher will have 30 days to stop displaying the non-compliant ads and will have to submit their site for review via WebTools for approval from Google. For each listed experience, Google will provide a brief definition, the URL of the incriminated page, screenshots and a short video that shows the misleading element(s).

Once the publisher has fixed all the issues from the report, he will have to submit his website for review. Even though Google has not publicly shared an exact time frame on how long the review process would take, some sources seem to indicate that the review could take around two weeks. If the publisher fails to comply, external links (window.open/new tabs) will be blocked on the entire site, which leads to a loss of ad revenue, including from Google Adwords.

Mathieu Derval, Product Manager at AdSecure commented, “We are excited to be adding new violations that Google considers as abusive to our detection arsenal. This new platform feature is a ‘must have’ for ad network platforms, publishers and ad operations teams. Not only does it ensure that publisher revenues are not compromised by penalisation from Google, but publishers continue to preserve trust and security within the online advertising ecosystem.”

Derval continued, “AdSecure clients have the capacity to run comprehensive scans to inspect their ad tags and will receive real-time notification alerts through AI assisted analysis, each alert features a comprehensive report listing the non-compliant elements, allowing clients to take immediate action and reduce the risk of their own publisher clients getting flagged by Google.”


3 reasons to use AdSecure’s new Residential IP scanning technology

The AdSecure engineering team has been very busy over the last few weeks, and we are very excited to announce a major product enhancement that will further improve the overall detection of malicious ads. The new feature offers clients the possibility of scanning tags and landing pages from Residential IPs.

Residential proxies are IP addresses from a standard Internet Service Provider (ISP), often DSL or cable, that are wired directly into a user’s home, unlike Datacenter proxies, which are IP addresses that come from a secondary corporation and work by hiding the users’ IP addresses from the internet.

AdSecure’s Residential IP feature allows you to:

1- Beat cloaking practices

Cloaking is a common technique used by bad actors to display different ads or landing pages to users than the ones that are approved by ad platforms. Because ad platforms usually use Datacenter and not rotating IPs, it is easy for a criminal to know which IP address the compliance team is using during the review process, so the bad actor fools them by serving a compliant ad, while serving a malicious version to the rest of visitors.

2- See what real users see

Now you can scan the ads and landing pages that ‘real’ users actually see, so you can verify the integrity of each offer.

3- Safeguard your audience

Protect your users and your reputation by stopping non-compliant ads and landing pages.
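A defender-side check for the cloaking behaviour described under point 1, added here as an example (it is not AdSecure's code): it compares what residential vantage points received against everything datacenter vantage points received. The `Scan` record, the vantage labels, the 0.6 similarity threshold and the example.* hosts are assumptions made for the illustration.

```python
import re
from dataclasses import dataclass
from difflib import SequenceMatcher
from urllib.parse import urlsplit

@dataclass
class Scan:                      # hypothetical record of one scan result
    vantage: str                 # "datacenter" or "residential" (labels assumed)
    chain: list                  # redirect chain: ad tag URL first, landing page last
    body: str                    # landing page HTML as served to this vantage

def hosts(scan):
    """Hostnames along the redirect chain; per-request query tokens are ignored."""
    return [urlsplit(u).hostname for u in scan.chain]

def visible_text(html):
    """Strip scripts, tags and digits so nonces and order numbers do not count."""
    html = re.sub(r"(?is)<script.*?</script>", " ", html)
    text = re.sub(r"<[^>]+>", " ", html)
    return re.sub(r"[\d\s]+", " ", text).strip().lower()

def cloaking_findings(scans, min_similarity=0.6):
    """Flag residential results that no datacenter scan ever received."""
    dc = [s for s in scans if s.vantage == "datacenter"]
    res = [s for s in scans if s.vantage == "residential"]
    if not dc or not res:
        raise ValueError("need at least one scan from each vantage type")
    dc_hosts = {h for s in dc for h in hosts(s)}
    findings = []
    for s in res:
        unseen = [h for h in hosts(s) if h not in dc_hosts]
        if unseen:
            findings.append((s.chain[-1], "unseen_hosts", unseen))
        # Compare against every datacenter sample: creatives rotate legitimately,
        # so only a page unlike all of them counts as divergent.
        best = max(SequenceMatcher(None, visible_text(s.body),
                                   visible_text(d.body)).ratio() for d in dc)
        if best < min_similarity:
            findings.append((s.chain[-1], "content_divergence", round(best, 2)))
    return findings

# Constructed sample scans; the example.* hosts are placeholders, not indicators.
SAMPLE = [
    Scan("datacenter", ["https://ads.example.net/tag?id=7&t=111",
                        "https://shop.example.com/offer"],
         "<html><h1>Summer sale</h1><p>Free shipping on order 1001</p></html>"),
    Scan("residential", ["https://ads.example.net/tag?id=7&t=222",
                         "https://shop.example.com/offer"],
         "<html><h1>Summer sale</h1><p>Free shipping on order 2002</p></html>"),
    Scan("residential", ["https://ads.example.net/tag?id=7&t=333",
                         "https://hop.example.org/r", "https://update.example.org/player"],
         "<html><h1>Your video player is out of date</h1>"
         "<script>x()</script><p>Install now</p></html>"),
]
```

Legitimate geo-targeting and creative rotation also produce differences between vantage points, so each finding is a lead for manual review rather than a verdict.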

As of today AdSecure gives you access to Residential IP scanning for over 70 GEOs including: US, Canada, Germany, France, Mexico, Italy, Thailand, Brazil and many more. In the near future AdSecure will be adding more Residential IPs.

Contact us now if you are interested in testing this feature for free.

AdSecure launches ad scanning for premium 3G mobile carrier IPs

Barcelona, 13 November 2017.  AdSecure, the ad verification tool used by ad networks, ad operations teams and publishers, today announced that it has significantly improved its mobile ad scanning technology by implementing 3G proxies across a range of countries and mobile carriers.  

This new platform feature allows clients to scan live campaigns that are targeting specific mobile users. This is a highly powerful feature, as advertisers tend to show different types of offers to 3G and Wifi users, and this can be challenging to monitor.

The feature works by allowing clients to scan by country, 3G carrier network and iOS or Android. Once a fraudulent, malicious or non-compliant campaign or landing page is detected, the client is immediately emailed a comprehensive analysis of each anomaly detected, which leads to a better understanding of the ad’s redirection chain so that they can take action. AdSecure has deployed this feature in 16 countries, supporting over 50 mobile carriers, and is planning to release new mobile carriers in the near future to offer the widest range of 3G proxies in the market. Current locations include:

  • Austria: A1 / T-Mobile / Three
  • Belgium: Base / Orange / Proximus
  • Brazil: Claro / OI / TIM / Vivo
  • Canada: Bell / Rogers / Telus
  • France: Bouygues Telecom / Free / Orange / SFR
  • Germany: e-plus / O2 / T-mobile / Vodafone
  • India: Airtel / Vodafone / Idea / Aircel
  • Italy: Three / Tim / Vodafone / Wind
  • Mexico: AT&T / Movistar / Telcel
  • Netherlands: KPN / T-Mobile / Vodafone
  • Poland: Plus / T-Mobile
  • Portugal: Meo / Nos / Vodafone
  • Spain: Movistar / Orange / Vodafone / Yoigo
  • Switzerland: Orange / Sunrise / Swisscom
  • UK: EE / O2 / Three / Vodafone
  • USA: AT&T / Sprint / T-Mobile / Verizon

A full list can be viewed here.

Mat Derval, Product Manager at AdSecure commented, “AdSecure’s core mission is to protect the internet browsing experience and the addition of our new 3G feature allows clients to scan ad campaigns aimed at desktop and/or mobile 3G connections. Now publishers and ad networks have the tools to immediately identify fraudulent campaigns and ensure that their ad space inventory is filled with compliant, malware free ads to protect their users. Additionally ad networks working with affiliates can now scan affiliate mobile offers and mobile carriers can scan ads that are using their 3G network.”

AdSecure will add more countries and mobile carriers very shortly.  For further information visit https://www.adsecure.com

Meet with AdSecure at Madrid Mobile Summit

The Madrid Mobile Summit is the ultimate event for everyone in the apps/games/adtech ecosystem – whether you’re an app marketer, publisher, developer, startup or VC – you’ll find sessions on how to grow long lasting and profitable apps, how to monetize apps using advertising and in-app purchases and how to get more users, keep them and analyze your data.

AdSecure is attending the Madrid Mobile Summit on the 14th of November 2017. To book a meeting with Mat, contact us.

Nearly 1.5 million phishing sites are created each month

One area of cyber crime that has picked up dramatically over the last 12 months is phishing. If you are not familiar with phishing, it is the art of tricking people into handing over their credentials or access to protected systems. Phishing campaigns tend to be huge email blasts that contain either links or attachments. You click a link that takes you to a website that looks like your bank’s, and enter your credentials without thinking. Or, in the case of a more sophisticated attack, you click a link or attachment which installs a piece of malware that compromises a system or network.

Verizon’s 2016 Data Breach Investigations Report carried out a study of 150,000 phishing emails and alarmingly, 30 percent of phishing messages were opened – up from 23 percent in the 2015 report – and 13 percent of those clicked to open the malicious attachment or nefarious link.

It seems that cyber criminals are on a major phishing expedition, with the latest figures from The Webroot Quarterly Threat Trends Report stating that 1.385 million new phishing sites are created each month.  May 2017 set a new monthly record with 2.3 million sites created.

The report also states that phishing sites are getting much harder to detect as they are becoming much more sophisticated. It also found that these sites tend to stay up for a very short period of time: between four and eight hours. This enables the sites to avoid getting tracked or blacklisted. Even if the blacklists are updated hourly, they are generally 3–5 days out of date by the time they’re made available, by which time the sites in question may have already victimized users and disappeared. The report also found that company impersonation is one of the criminals’ main techniques: their emails pose as well-known companies, with Google, Chase, Dropbox, PayPal and Facebook being the biggest targets.

Malvertising campaign exploits users’ browsers to Mine Cryptocurrencies

The popularity of mining cryptocurrency within the browser is on the rise. In the last few weeks we came across many cases of this new trend, which consists of using a piece of JavaScript code to mine different cryptocurrencies directly through the visitor’s browser. Despite the performance drop that comes with this JavaScript mining approach, you can bet that the attackers are able to generate substantial profits.

The JavaScript code is a modified version of MineCrunch, a notorious script which can be used to mine cryptocurrencies through the browser. MineCrunch was released back in 2014 and seems to be making a comeback. The crooks were mainly interested in Monero, Feathercoin and Litecoin, which can be mined with a standard CPU with little difference in overall results compared to running more advanced hardware.

Rather than tricking users into downloading cryptocurrency mining malware, cybercriminals are buying traffic from ad networks and distributing malicious JavaScript instead of a traditional advertisement. This approach has a clear advantage as it is easier to reach a significant number of machines by “infecting” websites than it is by infecting user machines. Streaming and gaming websites have apparently been preferentially targeted, since end-users tend to spend more time on these sites and may be less likely to notice the increased activity on their computer resources, or will assume it’s caused by the game or video itself as opposed to cryptocurrency mining activity.

This new kind of malvertising attack points out once again the need for ad platforms and publishers to use an ad verification tool to protect their network, their reputation and their visitors’ safety. AdSecure now offers the detection of crypto-mining activity. Contact us to see how we can help safeguard your network or sites against malvertising.

Don’t let your users be held to ransom by ransomware.

Ransomware targets businesses, government institutions, public services such as hospitals and council offices, and of course people at home. Home computers are perhaps the easiest way for cyber-criminals to carry out attacks, as your average Joe doesn’t have a cyber-security department protecting him like businesses and organisations do. Many individuals at home think that an anti virus programme will protect them. This is simply not the case. As we have mentioned in previous blog posts, cyber-criminals sometimes distribute malware via online ads and landing pages, so if you are an ad network or a publisher, we recommend that you protect your users with a product such as AdSecure. Not only will you be helping to keep ransomware at bay, you will also keep the valuable trust of clients and website visitors, because they will be protected from attack.

So let’s have a closer look at the history of ransomware, why ransomware creators and distributors find home users easy targets and what happens when a user is infected.

Ransomware history

The very first ransomware emerged way back in 1989. Named the AIDS Trojan, it spread via floppy disks and each victim was asked to send $189 ransom to a post office box in Panama. Of course nowadays ransomware is much more sophisticated and the growth of crypto-currencies has ensured ransomware is a much more attractive proposition to cyber criminals.

Types of ransomware

There are two types of ransomware. The first is Locker ransomware, which locks the victim out of the operating system, making it impossible for them to access their desktop, apps and files. In this case the files are not encrypted, but the attackers ask for a ransom to unlock the infected computer. The second is Encrypting ransomware, which uses advanced encryption algorithms. It blocks system files and then demands payment in exchange for a key that can decrypt the blocked content.

Home users are easy targets and here’s why…

  • They rarely or never make data backups.
  • They don’t always keep their software up to date.
  • They think that it can’t happen to them.
  • They have little or no cyber security awareness/education, meaning that they can easily be persuaded to click on almost anything.
  • They are much less likely to purchase cyber security solutions with most home users still relying on antivirus software, but this can be ineffective because ransomware uses evasion techniques so it is undetected by traditional antivirus software.
  • And of course the sheer volume of home internet users can allow cyber-criminals to build up huge scale in order to exploit potential victims.

The infection – stage 1

What generally happens when a user unknowingly infects his computer from a malicious website or a link that he clicks on? The infection delivers a security exploit that creates a backdoor on the victim’s computer by using vulnerable software on their system. Once the victim has unwittingly clicked on a link, or downloaded and opened the attachment, a downloader (payload) is placed on the affected PC. The downloader uses a list of domains or C&C servers controlled by the cyber criminals to place the ransomware program on the system: it contacts a C&C server, which responds by sending back the requested data. The infected PC can be turned into part of a botnet, so that the cyber criminals can grow their infrastructure and carry out future attacks, and the infection can spread to other PCs connected to a local network, which causes further damage.

The infection – stage 2

It then uses unbreakable encryption, which means a victim cannot decrypt the files using the various decryption tools available from cyber security researchers. It has the ability to encrypt many different kinds of files on a victim’s PC including photos, videos, documents, audio files, etc. It encrypts data stored in cloud accounts such as Google Drive and Dropbox that are synced on the PC. It can also encrypt data on other computers connected to a local network. It scrambles file names, so the victim has no idea which data is affected. This is done in order to confuse and coerce victims into paying the ransom. It can also extract data from the infected PC such as usernames, passwords, email addresses, etc. which it then sends to the server controlled by the cyber criminals.

The infection – stage 3

It then displays an image/message that tells the victim that their data has been encrypted and that they have to pay to get their data back. It can also include geographical targeting, so that the ransom note is translated into the victim’s language, increasing the chances for the ransom to be paid. Payment is usually requested in Bitcoins, because crypto-currency cannot be tracked by cyber security researchers or law enforcement agencies. Generally there is a set time period to pay and missing the deadline means the ransom will increase, but it can also mean that the data will be destroyed and lost forever.

As you can see this can be a shocking experience for your average Joe at home and with 638 million ransomware attacks in 2016, it is inevitable that the number of ransomware attacks will only increase.

AdSecure launches in Beta to beat malvertising

Barcelona 4 September 2017 – AdSecure is a brand new ad verification tool aimed at Ad Networks, Ad Operations Teams and Publishers to ensure continuously compliant and malware-free ad delivery and sustain a secure and safe user experience for website visitors.

AdSecure’s technology is built around a custom-made crawler using behavioural targeting techniques and is able to run checks from multiple browsers, devices and over 70 GEOs. The technology allows clients to automatically scan ad tags and landing pages for non-compliance and malware in real-time, 24/7.

As soon as AdSecure’s system detects a threat, it generates real-time notification alerts through intelligent threat analysis. The alerts are immediately sent to the client via email or through an API giving them access to comprehensive reports listing all malicious links, which then allows the client to take the appropriate actions.

AdSecure is quick to set up and it saves clients valuable time and resources by cleaning out malware and non-compliant advertising and therefore protecting their online reputation.

Mathieu Derval, Product Manager at AdSecure comments,

“Malvertising poses a very serious threat for the online community and for the entire online advertising ecosystem. Malware distributed through the digital advertising supply chain degrades overall trust in this ecosystem. Cybercriminals are taking advantage of the open system which relies on multiple parties including advertisers, ad networks, ad exchanges and site publishers. The boom in programmatic advertising offers attackers advanced targeting options making their malicious campaigns extremely effective and difficult to detect. This is why we created the AdSecure platform to give the industry the most effective, accurate and reliable ad verification tool.”

Mathieu Derval is attending the leading digital economy show Dmexco in Cologne on 13-14 September. To book a meeting with Mathieu, please contact us.

AdSecure is currently in Beta testing. If you would like to find out more about incorporating AdSecure into your business, please contact us for more information or visit www.adsecure.com.

ENDS For further press information please email press@adsecure.com.

Ransomware news: Android app that allows hackers to create ransomware without any code

The days of needing the coding skills of an accomplished hacker to build malware are over, at least if news from Symantec is true. The antivirus and cybersecurity company recently reported the existence of a Trojan Development Kit (TDK) that allows anyone to create Android ransomware—no coding skills required.

This latest TDK can be found on hacking forums and even in social media advertisements in China. All the cyber criminal has to do is download the APK and install it, and they’re ready to build ransomware. The process itself is simple: just specify a ransom message, an unlock key, the ransomware’s app icon, mathematical operations to randomize the code and an animation to be shown on the infected Android device.

Meet with AdSecure at Dmexco 2017

Dmexco is the global business and innovation platform of the digital economy. It enables visitors to experience disruptive trends and defines the business potential of tomorrow. This is the meeting place for makers and shakers, visionaries, marketing and media professionals, techies, and creative thinkers. dmexco combines the leading trade fair for digital marketing with an extraordinary conference — and it’s the sector’s top event of the year.