Tech Giants and Ad Networks Could Face Penalties for Malvertising, US Senate Warns

The US Senate urges companies such as Google and Yahoo to better protect users from malicious ads and hackers exploiting their online advertising networks, or else new legislation could force them to, according to the Associated Press. The Online Trust Alliance research revealed that malvertising tripled in 2013 to more than 209,000 incidents, generating over 12.4 billion malicious ad impressions.

The Senate is now considering passing new laws that could punish ad networks in addition to prosecuting hackers infecting computers through online advertisements. In the report (PDF), The Committee on Homeland Security and Governmental Affairs said the advertising landscape makes it “impossible” for users to protect against malware attacks while visiting legitimate web sites.

“The online advertising industry has grown in complexity to such an extent that each party can conceivably claim it is not responsible when malware is delivered to a user’s computer through an advertisement,” US authorities said.

Google claims it seeks to stay “one step ahead” of malvertisers. Yahoo’s chief information security officer Alex Stamos also told the AP that malvertising is “a top priority for Yahoo.”

“We successfully block the vast majority of malicious or deceptive advertisements with which bad actors attack our network, and we always strive to defeat those who would compromise our customers’ security,” Alex Stamos said.

In December 2013, more than 2 million users were exposed to hackers, who were able to steal personal information via a compromised ad on Yahoo. Such malvertising attacks frequently breach the email provider`s network. In January, Bitdefender researchers spotted dangerous ads for work in the USA on Yahoo! Messenger Insider.

Antivirus software provider Bitdefender warned that malvertising has taken the cyber-crime spotlight since November 2013, when a paper about the anatomy of malicious ads was published in the Virus Bulletin. Bitdefender researchers said cyber-criminals will focus more than ever on profit via malvertising. The study revealed that almost 7 per cent of ads found on 150,000 web sites could infect users with malware or target them with fraud, spam and phishing.

Malvertising helps cyber-criminals capture personal information and even taking over devices to turn them into bots and use them for DDoS attacks against banks, government agencies and other institutions.

Besides gambling and weight loss ads, malvertising also makes money out of business and computer and software commercials by creating fictitious web pages that look like those of legitimate companies, Bitdefender malvertising research shows.