Malicious hackers are now using ad networks to deliver malware to unsuspecting users, most recently to Android users. This sort of attack is not new. But it warrants your attention, especially if you're in charge of your company's Web resources.
Many websites link to external ad networks. Advertisers turn to these services to deliver their messages across multiple -- sometimes thousands of -- websites, typically at low cost. Ad networks are big business, raking in billions of dollars.
Follow the links
The ad networks have caught on and have started checking suspicious ads. In response, hackers now specifically code their redirect websites to show the correct, unadulterated ad. If someone from the ad network performs a spot check, the good ad appears. Hackers can be sneaky.
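A defender-side check for the cloaking described above, as an added example that is not from the original article: it compares where the same ad creative lands when fetched under different client profiles and flags creatives whose landing host differs. The creative IDs, profile names and URLs are constructed sample data, and `find_cloaked` and `landing_host` are hypothetical helpers.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed observations: (creative_id, client_profile, final_landing_url).
# Each row records where one ad creative's redirect chain ended for one kind
# of client, e.g. a reviewer's desktop browser versus an Android handset.
OBSERVATIONS = [
    ("creative-101", "reviewer-desktop", "https://shop.example/sale"),
    ("creative-101", "android-mobile", "https://shop.example/sale?src=m"),
    ("creative-202", "reviewer-desktop", "https://av-vendor.example/product"),
    ("creative-202", "android-mobile", "http://downloads.invalid/scanner.apk"),
    ("creative-303", "reviewer-desktop", "https://news.example/story"),
]


def landing_host(url):
    """Return the lower-cased host of a landing URL ('' if it has none)."""
    return (urlsplit(url).hostname or "").lower()


def find_cloaked(observations, min_profiles=2):
    """Return {creative_id: {profile: host}} for creatives whose landing host
    differs between client profiles.

    Creatives seen under fewer than min_profiles profiles are skipped,
    because a single vantage point cannot show divergence.
    """
    seen = defaultdict(dict)
    for creative, profile, url in observations:
        seen[creative][profile] = landing_host(url)

    flagged = {}
    for creative, hosts in seen.items():
        if len(hosts) >= min_profiles and len(set(hosts.values())) > 1:
            flagged[creative] = dict(hosts)
    return flagged


if __name__ == "__main__":
    for creative, hosts in sorted(find_cloaked(OBSERVATIONS).items()):
        print(creative, hosts)
```

A differing landing host is a triage signal rather than proof, since legitimate campaigns also route desktop and mobile visitors to different hosts.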
Hackers have also begun buying legitimate space on ad networks. The bad guys often work from companies that appear to be legitimate; usually they pose as Internet marketers or ad agencies, making it difficult for ad networks to determine what is and isn't legit. How is an ad network supposed to tell an ad for legitimate antivirus software from an ad for fake antivirus software that actually installs malware?