Third-party content is the Web's third rail

Legitimate sites increasingly host malicious content through third-party content such as advertisements. The frequency of 'malvertisements' jumped 25 percent last quarter

Bulking up a website with third-party content seems a no brainer. A well-chosen collection of widgets can give companies a more interesting site, additional data on their visitors, or an alternative revenue stream.

Yet, adding third-party Web content to a site also brings one more way that attackers can deliver malicious content to visitors, and according to the latest research, legitimate sites are increasingly and inadvertently hosting malicious content. The frequency of malicious advertisements, or malvertisements, jumped 25 percent between the third and last quarters of 2010, according to Web security firm Dasient.

Attackers will continue to focus on such indirect forms of attack because it allows them to maximize the number of potential victims, says Neil Daswani, co-founder and chief technology officer for Dasient.

"The cyber criminals know what every Web master knows," Daswani says. "Getting traffic and accumulating traffic is hard; it is much more effective to compromise someone that already has traffic."

The company estimates that more than 3 million daily malvertising impressions occurred in the fourth quarter of 2010, up from 1.5 million in the third quarter. Part of the increase occurred because the company added remnant ad networks -- those ads displayed when an ad placement has no other buyer -- to its estimates. Excluding those networks, Dasient estimates malvertising increased a still-significant 25 percent.

Cyber criminals sneak malicious content into advertisements so that they can compromise visitors to legitimate sites. The malvertisements can be hosted when advertising networks are tricked into believing the criminals represent a legitimate company, as happened to DoubleClick recently. In some cases, attackers compromise a network's server and replace legitimate advertisements with versions that have malicious content. This happened earlier this month with ad provider Unanimis and many of its clients, including the London Stock Exchange.

However, the news is not all bad. Advertisers and websites are getting better about detecting the malicious campaigns. The lifetime of an advertising attack continues to fall, with malvertisements removed in an average of 9.8 days in the fourth quarter compared to 11.2 days in the third quarter and 11.8 days in second quarter of 2010.

Part of the problem in detecting malicious advertisements is that every visit to a company's website may not trigger the attack. Malvertisements typically come from a pool of possible ads, which means a company will not be able to verify a customer's complaint that the website is serving up attacks.

"Often a user will simply reload the Web page, a different ad will be shown, and it will be too late to capture forensic information," Dasient states in the report.

This story, "Third-party content is the Web's third rail," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow InfoWorld.com on Twitter.

From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Be the first to comment on this article. Our Commenting Policies