Cybercriminals are always finding new avenues to cultivate their crime syndicate. Now, their latest acquisition is video advertisements.
A recent attack via a video ad on several high ranking websites drove home the fact that cybercriminals are now focusing on video ads to spew malware. For about 12 hours starting late on Oct. 29, some 3,000 websites served up the malicious video ad, which displayed a pop-up window nicknamed “Tripbox.” The window warned that an update was needed for browser software like Apple’s Safari, and if people followed the instructions, a backdoor was downloaded to their computer.
Online display ads have been delivering malware for years. This method of attack called Malvertising is a major headache for the ad industry. A single malicious advertisement, distributed to several highly trafficked sites, can expose tens of thousands of computers to malware in a short time.
Video ads have been less susceptible to malware due to their high costs. But dropping prices are making video a more attractive launch pad. Olson further added that it was difficult to estimate how many computers may have been exposed to the malicious ad. But it highlights what could be an emerging problem as video becomes more pervasive. “It means that companies serving video ads and publishers that monetize via video ads need to be paying attention to the video channel just like they would with display advertising or other third-party code that they run on their sites,” Olson said.