Online Ads Deliver Most Hacks

Online advertising hosts 80 percent of all instances of malicious code, security experts have warned.

An analysis of more than 10 million unique URLs, based on live web traffic recorded in the U.K., by security firm Finjan found that hackers are increasingly targeting advertising.

Hackers have discovered that the complex structure of business relationships involved in online advertising make it relatively easy to inject malicious content into legitimate advertising delivery streams, Finjan’s latest Web Security Trends report said.

Malicious code was just as likely to be accessed through legitimate commercial websites as through disreputable sites, such as those with adult content or illegal downloads, Finjan warned.

The report also highlights a continuing evolution in the complexity of attacks, particularly the increasing use of randomization techniques to conceal malicious code. More than 80 percent of the malicious code detected by Finjan was hidden in this way, making it virtually invisible to pattern-matching or signature-based anti-virus products.

Finjan chief technology officer Yuval Ben-Itzhak said: “The fact that malicious code is just as likely to be found in legitimate categories as in questionable categories means that security products that rely solely on URL categories to block access to malicious sites are no longer effective.”

The research also uncovered a new trend for hackers to bury malicious code on web pages served by automatic translation services, such as those offered by search engines.

Peter Christy, principal analyst at the Internet Research Group said: “In the past, attacks were dominated by worms and viruses designed to create a big and very visible disruption.

“Increasingly, modern attacks have criminal intent, and the attackers are becoming more proficient at obscuring the attacks and delivering them from otherwise reputable regions and website categories in order to circumvent many of the defenses that have been effective against earlier attacks. These trends are a clear call-to-action for better detection and prevention methods.”