Malvertising: Distributing Malice via Cross-Domain Script Inclusion
Online advertisements provide a convenient platform for spreading malware. Since ads provide a significant portion of revenue on the web, significant effort is put into attracting users to them. Malicious agents take advantage of this skillful attraction and then redirect users to malicious sites that serve malware.
Recently, attackers have used the malvertising (malicious advertising on the Internet) attack mechanism to infect the Equifax (https://www.forbes.com/sites/leemathews/2017/10/12/equifax-website-caught-serving-malicious-ads-to-visitors/#5dad5d2f19f8) and Transunion (https://arstechnica.com/information-technology/2017/10/equifax-rival-transunion-also-sends-site-visitors-to-malicious-pages/) credit bureau websites.
- The attacker analyzes the scripts that are included in the target website from the third-party domain.
- The attacker compromises the third-party domain, injects malicious code and then lets the attack trigger.
- When a user opens the primary website in a browser, the scripts are included from the third-party domain, now injected with malicious content, and served to the end user.
Browser Exploit Pack (BEP) infections have also been triggered using malvertisements. In this scenario, the primary website has no control, as it simply includes a script hosted on a server that the primary website does not manage or operate. This attack mode is used to distribute infections to a large number of users on the Internet.
As you can see, CDNs have the potential to be a big problem with respect to web malware.
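A site owner can run the same script inventory that the attacker performs in the first step. The following is an added example, not code from the original post: it lists a page's cross-domain script includes and uses Subresource Integrity (SRI) hashes, a browser mechanism the post does not discuss, to flag includes that are unpinned or whose served body no longer matches the pinned hash. The site, hosts and script bodies are constructed sample data.

```python
import base64, hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

def sri_digest(body: bytes, alg: str = "sha384") -> str:
    """Subresource Integrity token: '<alg>-<base64 digest>'."""
    return f"{alg}-{base64.b64encode(hashlib.new(alg, body).digest()).decode()}"

def origin(url: str):
    p = urlparse(url)
    return (p.scheme, p.hostname, p.port)

class ScriptInventory(HTMLParser):
    """Collects (absolute_src, integrity) for every external <script>."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.scripts = page_url, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.scripts.append((urljoin(self.page_url, a["src"]), a.get("integrity")))

def audit(page_url, html, served):
    """Verdict per cross-origin script; `served` maps URL -> bytes returned now (no network)."""
    inv = ScriptInventory(page_url)
    inv.feed(html)
    report = {}
    for url, integrity in inv.scripts:
        if origin(url) == origin(page_url):
            continue  # first-party script, outside this scenario
        pins = [t for t in (integrity or "").split() if t.split("-", 1)[0] in ("sha256", "sha384", "sha512")]
        if not pins:
            report[url] = "unpinned"  # any change on the third party reaches users
            continue
        hit = any(sri_digest(served[url], t.split("-", 1)[0]) == t for t in pins)
        report[url] = "ok" if hit else "mismatch"
    return report

# Constructed sample data: hypothetical site, third-party hosts and script bodies.
PAGE_URL = "https://www.site.example/"
GOOD = b"function widget(){ /* reviewed version */ }"
PAGE_HTML = f"""<script src="/js/app.js"></script>
<script src="https://cdn.widgets.example/w.js" integrity="{sri_digest(GOOD)}" crossorigin="anonymous"></script>
<script src="https://cdn.widgets.example/lib.js" integrity="{sri_digest(b'lib v1')}" crossorigin="anonymous"></script>
<script src="//ads.network.example/tag.js"></script>"""
SERVED = {"https://cdn.widgets.example/w.js": GOOD + b";injected()",  # body changed upstream
          "https://cdn.widgets.example/lib.js": b"lib v1"}
REPORT = audit(PAGE_URL, PAGE_HTML, SERVED)
print("\n".join(f"{verdict:9} {url}" for url, verdict in REPORT.items()))
```

A browser that supports SRI refuses to execute a script whose body does not match its `integrity` value, so the "mismatch" case is blocked at the client, while the "unpinned" include runs whatever the third party serves.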
In our earlier paper, Malvertising — Exploiting Web Advertising, we covered different malvertising attack scenarios, as listed below:
- Malvertising with malicious widgets and redirection
- Malvertising with hidden iframes
- Malvertising with infected Content Delivery Networks (CDNs)
- Malvertising through Malicious Banners
You can read our earlier paper, published in the Computer Fraud and Security (CFS) Journal, here: http://secniche.org/released/NESE_Mal_AKS_RJE.pdf | https://scholars.opb.msu.edu/en/publications/malvertising-exploiting-web-advertising-4
Sood, A. K., & Enbody, R. J. (2011). Malvertising — Exploiting web advertising. Computer Fraud and Security, 2011(4), 11-16. DOI: 10.1016/S1361-3723(11)70041-0