This paper is the result of several months of researching and monitoring malvertising campaigns that we have observed affecting thousands of publishers and dozens of ad networks. The goal of this research is to summarize some of the malvertising campaigns we have seen and to give numbers that quantify their impact. While some of those incidents have ceased, others are still ongoing, and the threat actors responsible for them are very successful at bypassing most ad quality and security checks.
- Hundreds of goo.gl URLs used in malicious redirections
- Over 100 fake advertiser domains
- Dozens of ad networks abused, including top ones
- Use of SSL to encrypt ad call URL and content
- Targeted towards genuine residential IP addresses only
- Booby-trapped GIF images hiding code with on-the-fly encoding
- Fake advertiser profiles and deceptive websites
- 42% of infections happened in the U.S.
- Cost: only 19 cents for each 1000 impressions (CPM)