Spammers Take to Online Ads to Spread Malicious Software
Ah, those spam emails of yesteryear, the ones that promised untold wealth for helping a prince get his money out of the country. There were also the ones that offered you an incredible work-from-home job just for filling out this form with your name, birthdate, and Social Security number. And who can forget the emails that said, “You won’t believe these outrageous pictures of [insert celebrity name here]!” and got you to click the link?
Fortunately, better technology means spam filters catch many of those emails before they can work their way into our inboxes. While it’s still a viable way for scammers to spread malicious software or commit fraud, it’s not as easy as it used to be.
There’s a downside to the spam filters, though, which is that criminals have had to find new mechanisms to spread malicious software that they used to spread via email. One of the increasingly popular routes is through online advertising or those ads that pop up when you visit a site or that you see in the sidebar of many of the websites you visit, and it’s got security experts very worried.
Online advertising is a $50 billion a year industry, and the channels that seamlessly distribute these ads are already in place. That makes “malvertising” very lucrative for those who want to sneak in some viruses and reach a vast audience of victims without worrying that their emailed versions will get blocked. Right now, it’s up to companies like search engines to root out and remove the malicious code in ads; Google once took down over 400,000 malicious online ads in a single-month period.
For now, advertisers are wondering what this will mean in terms of upcoming government regulation on how they must inspect ads and how they must respond in the face of malvertising. The EU has already put new rules in place that hold the advertiser or retailer responsible for unwittingly infecting internet users, and the Federal Trade Commission is looking at regulations that would hold them accountable for failing to protect the public from harmful ads.
For the rest of us, that means being very mindful of what we click on and where it can lead us. While businesses rely on advertising to generate revenue and keep their costs down, it’s important for consumers to be careful about clicking on ads that crop up online. If you choose to click on an ad, make sure you’re on a trusted website and that you have up-to-date antivirus and antimalware software installed on your computer or device.
Questions about identity theft? Connect with the ITRC through our toll-free call center at (888) 400-5530, or on-the-go with the new IDTheftHelp app for iOS and Android.