Third-party content is the Web's third rail
Legitimate sites increasingly host malicious content through third-party content such as advertisements. The frequency of 'malvertisements' jumped 25 percent last quarter.
Bulking up a website with third-party content seems a no-brainer. A well-chosen collection of widgets can give companies a more interesting site, additional data on their visitors, or an alternative revenue stream.
Yet, adding third-party Web content to a site also brings one more way that attackers can deliver malicious content to visitors, and according to the latest research, legitimate sites are increasingly and inadvertently hosting malicious content. The frequency of malicious advertisements, or malvertisements, jumped 25 percent between the third and last quarters of 2010, according to Web security firm Dasient.
Attackers will continue to focus on such indirect forms of attack because doing so allows them to maximize the number of potential victims, says Neil Daswani, co-founder and chief technology officer for Dasient.
"The cyber criminals know what every Web master knows," Daswani says. "Getting traffic and accumulating traffic is hard; it is much more effective to compromise someone that already has traffic."
The company estimates that more than 3 million daily malvertising impressions occurred in the fourth quarter of 2010, up from 1.5 million in the third quarter. Part of the increase occurred because the company added remnant ad networks -- those ads displayed when an ad placement has no other buyer -- to its estimates. Excluding those networks, Dasient estimates malvertising increased a still-significant 25 percent.
Cyber criminals sneak malicious content into advertisements so that they can compromise visitors to legitimate sites. The malvertisements can be hosted when advertising networks are tricked into believing the criminals represent a legitimate company, as happened to DoubleClick recently. In some cases, attackers compromise a network's server and replace legitimate advertisements with versions that have malicious content. This happened earlier this month with ad provider Unanimis and many of its clients, including the London Stock Exchange.










