Malvertising, ad blockers, revenue streams and you

We will leave the last words to Jérôme Segura, Senior Security Researcher at Malwarebytes who rather specialises in getting to grips with the threat actors and technologies behind the malvertising menace. “To put it bluntly,” Segura said, speaking to IT Security Thing, “there are some advertising players that are doing okay, and others that have become regular malware delivery platforms.” According to Segura, the root of the problem lies with business practices, which no security scanner or ad validation technology can completely mitigate. Namely, a low barrier to entry, lack of knowledge of who buyers and sellers are and relative anonymity an advertiser can have. “The other part of the problem is the lack of accountability in a business where impressions can change hands dozens of times before an ad is finally displayed in a user’s browser,” Segura insists, “even if the top ad network has strong security guidelines, as you go down the chain of resellers you often find a weak link, sometimes a party who got abused by a rogue advertiser, or sometimes an actor that might easily turn a blind eye on deceptive or malicious adverts.”