Malvertising refers to the use of online advertising to distribute malware by injecting malicious ads into legitimate advertising networks. In 2016, malvertising drove over 10 billion ad impressions, with varying activity throughout the week. Examples highlight specific exploit kits and ransomware associated with notable malvertising incidents.

1. DEC 25
BY –ANKIT KUSHWAHA

2. WE ARE TALKING ABOUT
MALVERTISMENT …

4. Malvertising is the use of online
advertising to spread malware.
Malvertising involves injecting
malicious ads into legitimate online
advertising networks and web pages.
Anti-Malvertising.com

5. EXAMPLES OF MALVERTISING

10.  How many ad impressions were driven by
malvertising
in 2016?
 Over 10 million
 Over 1 Billion
 Over 10 Billion
10 BILLION

11.  On which day of the week is malvertising
most active?
 Monday
 Wednesday
 Sunday
 All days equally

12. 0 100 200 300 400 500 600
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
Sunday
Day of the Week

15. df
User
Visits a popular
website, gets
infected via
exploit kit
Website
Serves a banner
ad, sometimes
malicious
Attacker
Creates and injects malware
ads into advertising network
Advertising
Network
Selects an ad based
on auction, sends
to the website

27. Clean.navy malvertising
© Copyright 2014 Cyphort, Inc. All rights
reserved. Proprietary & Confidential
CLEAN.NAVY
Feb 25, 2015
Clean.navy subdomain is loading
Angler Exploit Kit with the exploit
for CVE-2014-6332 Windows OLE
Automation Array Remote Code
Execution Vulnerability.
www.cyphort.com/dod-
contractors-website-clean-navy-
serving-drive-exploits/
1 start www.***zone.info
2 redirect ads.adgoto.com
3 redirect shop.traditionalarrows.com
4 malware
payload
bolivi**e.clean.navy/lists/9***

28. GOPEGO malvertising
GOPEGO
Feb 4, 2015
gopego.com malvertising
downloads CryptoWall
ransomware.
The attack serves an exploit
package embedded in a flash file,
including exploits which target
four vulnerabilities. Among them
the notorious CVE-2015-0311 .
www.cyphort.com/gopego-
malvertising-cryptowall/

29. https://otalliance.org/system/files/files/resource/documents/report_-
_online_advertising_hidden_hazards_to_consumer_security_date_privacy_may_1
5_20141.pdf
https://blog.opendns.com/2014/06/12/ads-security-dont-mix
http://www.cyphort.com/huffingtonpost-infected-again/
http://adwords.blogspot.com/2015/02/fighting-bad-advertising-practices-on.html
http://in.reuters.com/article/2014/10/16/cybersecurity-military-
idINKCN0I52D820141016
http://www.slideshare.net/ksanz15/understanding-the-online-advertising-
technology-landscape
http://blog.fox-it.com/2014/08/27/malvertising-not-all-java-from-java-com-is-
legitimate/
http://www.slideshare.net/mhmoo/us-digitalfutureinfocus2013-27520934
http://www.insideprivacy.com/files/2014/05/PSI-Report.pdf
http://blog.fox-it.com/2014/08/27/malvertising-not-all-java-from-java-com-is-
legitimate/
http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-
papers/wp-evolution-of-exploit-kits.pdf
http://secpod.org/blog/?p=1207
References: