Online Ads Channel Malicious Code

Finjan, an online security firm based in San Jose, California, released findings from a study of live Internet traffic in the U.K. earlier this week. The analysis, which included over 10 million unique URLs, found that about 80% of all malicious code is hosted on online advertising.

The study indicated that malicious code was just as likely to be found on legitimate sites as they are to be found on more questionable Web sites. This poses an obvious problem.

Chief technology officer at Finjan, Yuval Ben-Itzhak, said that "The fact that malicious code is just as likely to be found in legitimate categories as in questionable categories means that security products that rely solely on URL categories to block access to malicious sites are no longer effective."

This issue stems from the fact that many legitimate Web sites do not embed fixed advertisements on their site, but are instead receiving them from ad services that feed ads onto the site’s pages. This makes it difficult for Webmasters to keep track.

Anti-virus products that utilize pattern or signature recognition fall short when it comes to battling these instances of malicious code, because of randomization techniques that attackers are using.

Attackers are also taking advantage of sites that are served up by automatic language translation services.

Ben Itzhak also indicated that most of the world’s malware is channeled from the U.S. or the U.K. He emphasized that malicious code "really can come from anywhere."

Just like it is in e-mail and search engine spam, it seems like the issue of malicious code has become a mouse-chase-cat scenario that is unlikely to reach a concrete end. The cat has been, is, and will continue to be wily.

Sources:

http://www.pcworld.com/article/id,130129/article.html

http://www.itnews.com.au/newsstory.aspx?CIaNID=48540&r=hstory