Filed under: malware

Excellent resource to remove rogue applications from your Facebook account from @sophos

Rogue application spreads virally

Once again, a rogue application is spreading virally between Facebook users pretending to offer you a way of seeing who has viewed your profile.

As we've described a couple of times before, plenty of Facebook users would *love* to know who has been checking them out online, but unfortunately scammers are aware of this, and use the lure of such functionality as a way to trick you into making bad decisions.

Messages spreading rapidly across the Facebook social network right now say:

OMG OMG OMG... I cant believe this actually works! Now you really can see who viewed your profile! on [LINK]

If you're tempted to click on the link you're taken to a webpage which encourages you to go a little deeper and permit an application to have access to your Facebook profile.

See who viewed your profile!

Rogue application requests access rights

But do you really want complete strangers to be able to email you, access your personal data and even post messages to any Facebook pages you may administer?

If you've got this far then you really shouldn't go any further. Scams like this have been used to earn commission for the mischief makers behind them, who have no qualms about using your Facebook profile to spread their spammy links even further.

Because if you do continue, you'll find that your profile will be yet another victim of the viral scam - spreading the message to all of your online Facebook friends and family. And no, you don't ever find out who has been viewing your profile.

Ever wondered how many people fall for a scam like this? Well, the figures can be shocking. This current campaign is using a variety of different links - but via bit.ly we can see that at least one of them has already tricked nearly 60,000 people into clicking.

Stats for bit.ly link

I've informed the security teams at both bit.ly and Facebook about these links, and requested that they be shut down as soon as possible.

Always think before you add an unknown application on Facebook, and ask yourself if you're really comfortable with ceding such power to complete strangers. Rogue application attacks like this, spreading virally, are becoming increasingly common - and do no good for anyone apart from the scammers behind them.

If you've been hit by a scam like this, remove references to it from your newsfeed, and revoke the right of rogue applications to access your profile via Account/ Privacy Settings/ Applications and Websites.

Here's a YouTube video where I show you how to clean-up your Facebook account:

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)

And don't forget to warn your friends about scams like this and teach them not to trust every link that is placed in front of them. You can learn more about security threats by joining the thriving community on the Sophos Facebook page.

Malware And Malvertising via @adexchanger

The online advertising world continues to be challenged by ne'er-do-wells as Click Forensics released results from its latest quarterly, deep-dive into the company's fraud detection data. The Company identified challenges with display advertising where "a pop-up or pop-under (...) rotates brand advertisers' banner ads every 10-15 min in an effort to seemingly boost impression figures." Read the release.

Click Forensics CEO Paul Pellman discussed the latest on malware and malvertising.

AdExchanger.com: How is the malware scheme you describe reaching websites - through display ads from exchanges, specific ad networks? Any ideas on how it can be prevented?

PP: The Click Forensics Malware Lab has been finding two generic types of malware.  The first, more common version, is actually installed on the visitor's machine as a result of some other seemingly innocent download.  It can be spread via e-mail attachments or through lots of "freeware" that people install on their machines.  Once installed, these Botnets can take control of browser functions or simply open pop-unders to display ads for nefarious ad networks.  The best way to prevent these is for visitors to be diligent and use updated antivirus software from Symantec, McAfee, and others.

The second type is not really malware at all, but is the one more commonly talked about in AdExchanger circles.  Namely, visitors to ad supported sites get served all sorts of ads that they never see, whether in pop-unders, zero-by-zero iFrames, or invisible pages.  The generic term for these schemes is "ad stuffing."  Advertisers can protect themselves from both types of fraud by employing ad verification and/or audience verification platforms.

What IS the malware? Any trends there?

Much of the malware we found recently came from different types of toolbars.  These are browser plug-ins that purport to assist with search or provide some other value for the visitor (weather, sports scores, etc.), but in reality are also hijacking browser activity for the benefit of the author.  One toolbar we found turned organic search results into paid clicks by routing searches to a parked domain site and channelling clicks through several ad networks.  It's very difficult to trace which are complicit in the fraud and which are innocent participants.

From a marketer's perspective, would using frequency caps or buying on a CPC basis lessen the impact of impression inflation?

Frequency caps might help a display advertiser minimize the impact of these schemes, but it can't defeat them completely.  As far as converting everything to CPC, it might work in the very short term but, as we well know, click fraud becomes an issue.  The best protection is the diligent monitoring of campaigns and the use of an audience/ad verification platform.

I didn't see you mention malvertising versus malware in your release. Do you distinguish between the two?

We use "malvertising" to refer to ads that send visitors to a place that is bad for them.  The ad itself may not be infected, but its intention is to trick the visitor into doing something damaging.  For example, the ad on NewYorkTimes.com a little over a year ago warned visitors to click through to a site where they could "update their virus protection."  Of course the download included all sorts of malware, but the ad itself was more accurately described as malvertising.

By John Ebbert
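
A defender-side check for the "ad stuffing" described in the interview above, as an added example that is not from AdExchanger or Click Forensics: it statically audits page markup for iframes a visitor could never see (zero-by-zero, hidden by inline CSS, or positioned off-screen). The sample markup, the `ads.example` URLs and the reason labels are constructed for illustration, and the check reads inline attributes only, so it does not replace rendered viewability measurement.

```python
import re
from html.parser import HTMLParser

# Constructed sample page: one visible ad slot and three hidden ones.
SAMPLE_HTML = """
<iframe id="ad-visible" src="https://ads.example/a" width="300" height="250"></iframe>
<iframe id="ad-zero" src="https://ads.example/b" width="0" height="0"></iframe>
<iframe id="ad-hidden" src="https://ads.example/c" style="display:none"></iframe>
<iframe id="ad-offscreen" src="https://ads.example/d" width="728" height="90"
        style="position:absolute; left:-9999px"></iframe>
"""

def _px(value):
    """Leading integer of a length such as '0', '300px' or '-9999px', else None."""
    m = re.match(r"\s*(-?\d+)", value or "")
    return int(m.group(1)) if m else None

def _inline_css(style):
    """Parse an inline style attribute into {property: value}, lowercased."""
    pairs = (d.split(":", 1) for d in (style or "").split(";") if ":" in d)
    return {k.strip().lower(): v.strip().lower() for k, v in pairs}

class HiddenFrameAudit(HTMLParser):
    """Collects (frame name, reason) for iframes a visitor could never see."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = dict(attrs)
        css = _inline_css(a.get("style"))
        name = a.get("id") or a.get("src") or "?"
        w = _px(css.get("width") or a.get("width"))
        h = _px(css.get("height") or a.get("height"))
        left, top = _px(css.get("left")), _px(css.get("top"))
        if w == 0 or h == 0:
            reason = "zero-size"
        elif css.get("display") == "none" or css.get("visibility") == "hidden":
            reason = "hidden-by-css"
        # Box ends at or before the viewport origin (HTML default frame is 300x150).
        elif (left is not None and left + (w or 300) <= 0) or \
             (top is not None and top + (h or 150) <= 0):
            reason = "offscreen"
        else:
            return
        self.findings.append((name, reason))

def audit(html):
    parser = HiddenFrameAudit()
    parser.feed(html)
    return parser.findings
```
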

 

The State of Cybercrime via @mashable

by Jolie O'Dell

How much does it cost to buy a stolen credit card number on the black market? What about renting a botnet or setting up a fake online store designed to steal user identities?

Cybercrime involving stolen credit card numbers, money laundering, botnets and other black-hat activities is a huge business online. A new report [PDF] from PandaLabs uncovers the going price for some of the most popular kinds of cybercrime, and most Internet users would be surprised at the numbers behind common forms of online crime.

For example, you can purchase bank details for accounts with confirmed six-figure balances for $80 to $700. You can find someone to design and publish a fake online store for between $30 and $300. A credit card-cloning machine costs $200 to $1,000, and an actual fake ATM, which steals valuable credentials from anyone who uses it, can be bought for a mere $3,500.

According to a statement from PandaLabs, “This cyber-criminal black market caters to buyers’ needs just like any other business and functions in similar ways.”

“Since there is a great deal of competition in this industry, the rule of supply and demand ensures that prices are competitive, and operators even offer bulk discounts to higher-volume buyers,” the report continues. “They will offer free ‘trial’ access to stolen bank or credit card details, as well as money back guarantees and free exchanges.”

Most sellers and buyers remain relatively anonymous in these transactions, however, conducting transactions over IM apps and making and accepting payment through services like Western Union, Liberty Reserve and WebMoney.

The report also states that, while exact metrics are lacking, the business of cybercrime appears to be more prolific than ever.

“Although we don’t have precise data,” the report reads, “we believe that this nefarious business has expanded with the economic crisis. Previously it was in no way easy to locate sites or individuals dedicated to this type of business, yet now it’s relatively simple to come across these types of offers on underground forums.”

Strains of malware are also on the rise, particularly ones designed to steal bank details. Currently, trojans account for 71% of all new malware, up from 49% in 2005. And 99% of the time, malware is intended to target Windows operating systems.

“Five years ago,” the report states, “there were only 92,000 strains of malware cataloged throughout the company’s 15-year history. This figure rose to 14 million by 2008 and 60 million by 2010.”

For consumers who wish to protect themselves from this kind of cybercrime, take the following common-sense precautions:

  • Sign your credit and debit cards as soon as you receive them.
  • When paying by card in a brick-and-mortar store, make sure your card is always in view.
  • Destroy any physical correspondence that includes your name, address, Social Security details or account numbers; and don’t let mail sit in your mailbox for too long.
  • Save all your ATM receipts or destroy them.
  • Clear browsing data, including cookies and temporary files, after making an online purchase.
  • And of course, never save or write down your passwords, keep your antivirus software up to date and only shop online at trusted sites.

Image courtesy of Flickr, arenamontanus

 

Scareware… the Next Internet Ripoff

From spyware to bots to viruses and other unimaginable hazards… the web can be a scary place.  

As far back as Prodigy in the early days of the online world, scams have been a part of the party.  The Internet is simply a new way for the bad guys to rip off unsuspecting consumers.  The key difference though is that the reach is enormous and the damage can spread to more people, more quickly than ever before.

Enter scareware, a new way to trick unsuspecting consumers into parting with their money.  USA Today recently had an article about the tricks and tactics used to perpetrate this latest rip-off.  Unfortunately, online advertising has become an accomplice to the crime.

Scareware is worthless software that allegedly removes viruses from your computer.  Anyone who has surfed the web knows how easy it can be to become infected with a virus.  The damage to the user's computer is often measured in slowed performance, unwanted clicking and potentially even more nefarious things like key logging and password swiping.  Now, the bad guys are selling “scareware” to solve a problem that may not actually exist.

The first such program was called “SpySheriff,” built by a team of cyber crooks from Russia.  The Anti-Phishing Working Group recently reported that scareware infections rose 48% in the second half of 2008.  The growth is tied to the ease of distribution and weaknesses in online advertising and the web in general.

There are several ways these fake products are being distributed.  Phony pages are created using hot search key words such as “American Idol” or “iPhone” and drive the unsuspecting consumer to the infected page.  Recently the Facebook email scam was used to send people to a page by promoting things like “best video.”  Since these emails came from your friends, millions clicked.  Twitter has become a vehicle for distribution. Phony Twitter accounts are created and enticing titles of posts encourage people to click.

Additionally, the bad guys are simply buying display or search ads.  They rotate in infected pages to the landing page.  It is virtually impossible for an ad provider to scan every ad impression and linking page.  This loophole creates an opportunity for the bad guys to drive significant traffic to infected pages at a very low cost.  Microsoft reported finding 4.4M installations of one such program, so the scale is enormous.  Do the math… at $49 or $79, that is big business.

Once someone lands on the page, getting off is nearly impossible.  Immediately upon landing, a “system scan” begins.  The results are, of course, showing that your computer is infected with a number of viruses.  Conveniently you can buy the product at that point and they take your money and run.  If you try to move away from the page, or cancel, an endless number of scans take over your screen.  Essentially, users must “control/alt/delete” their way out or restart.

The danger in this scam is not limited to monetary damage to the consumer.  These types of pages and methods to attract clicks are the same methods used to install spyware, malware and perpetrate click fraud.  To their credit, USA Today has done a good job over the last few years of highlighting the dangers of the web to the average consumer.

The FTC is cracking down.  They have identified products like WinFixer, DriveCleaner and XP AntiVirus as worthless and they are going after the owners.  The problem is that, like the click fraud crooks, these guys are in remote locations and move their servers often. Tracking them is a full-time job and extremely difficult.  The search engines are trying to help as well.

Bing has a neat feature that highlights “at risk” URLs.  Yahoo has a similar product built with McAfee.

Trust is what keeps consumers clicking on ads.  Without stepped-up industry efforts from organizations like the Anti-Phishing Working Group and others, trust could be diminished.  Like click fraud, scareware is damaging trust.  It takes a community effort to stay after the problem and build solutions to take the scare out of the internet.

Tom Cuthbert