Paid Advertising
web application security lab

80% of Malware Served By Ads

There’s an interesting article about some research that Finjan did regarding their findings that 80% of Malware is served by ads. Taking aside the statistic itself, which you can either agree with or not (maybe it’s 80% that Finjan detected), it’s still an interesting trend. However, one thing struck me in the article that they almost glossed over. They mentioned that one trend is that they are embedding the code so that it executes when seen through translation services. Interesting.

There’s a few reasons this is interesting. Firstly, it’s kind of a slap in the face to people who think that using translation services somehow makes you safer or more private (I’ve never understood why people think that since it still downloads all the embedded content directly from your server), and secondly it really opens up a new way to target your attack. It’s easy to tell when a user is using a translation service (referring URL and/or lack of referring URL but preceded by a pull from a translation service - this could be aided by unique IDs on images to track them back to specific pages).

Now using the translation service to know that your target is located in some area that speaks whatever language they are using, you can be sure that they are in an area that has no extradition treaties with wherever you are hosting. That can greatly reduce the liklihood of getting caught, while still maintaining some good number of malware infections. Kinda nasty. I might be reading a little too far into Finjan’s findings, but still, it’s interesting to think about.

3 Responses to “80% of Malware Served By Ads”

  1. Chris_B Says:

    What would be more interesting is to target users of known open proxies.

  2. Awesome AnDrEw Says:

    Isn’t that what they’re doing in essence? Technically speaking that’s what translation services act as. When I used to sit around in school on the computers I’d always try to access content that was blocked via the school network, and I’d always use Google translation services to act as a buffer so that I could access whatever I’d like.

  3. hackathology Says:

    I do agree with you Rsnake. To me, Ads is so annoying and i never trust them.