Beware! Video Ads might spew Malware


Cybercriminals are always finding new avenues to cultivate their crime syndicate. Now, their latest acquisition is video advertisements.

A recent attack via a video ad on several high ranking websites drove home the fact that cybercriminals are now focusing on video ads to spew malware. For about 12 hours starting late on Oct. 29, some 3,000 websites served up the malicious video ad, which displayed a pop-up window nicknamed “Tripbox.” The window warned that an update was needed for browser software like Apple’s Safari, and if people followed the instructions, a backdoor was downloaded to their computer.

Online display ads have been delivering malware for years. This method of attack called Malvertising is a major headache for the ad industry. A single malicious advertisement, distributed to several highly trafficked sites, can expose tens of thousands of computers to malware in a short time.

Chris Olson, co-founder and CEO of The Media Trust said “Video ads are an attractive target for hackers because they’re much harder than display ads to vet for quality”. At present, video ads are often delivered using the Digital Video Ad Serving Template (VAST), a JavaScript-like wrapper. The template can however be added with many elements, such as tracking tags, turning it into a big digital sandwich. “It’s cumbersome,” Olson said. “It’s pieces of code running inside of a template, which is basically a container of code. The upshot is that it’s that harder to ensure that bad things aren’t lurking within, and that’s not lost on the bad guys”, Olson said.

Video ads have been less susceptible to malware due to their high costs. But dropping prices are making video a more attractive launch pad. Olson further added that it was difficult to estimate how many computers may have been exposed to the malicious ad. But it highlights what could be an emerging problem as video becomes more pervasive. “It means that companies serving video ads and publishers that monetize via video ads need to be paying attention to the video channel just like they would with display advertising or other third-party code that they run on their sites,” Olson said.

Leave a Reply

Your email address will not be published. Required fields are marked *