Uncovering The Secrets Of Malvertising

Presented at VB2016, Oct. 7, 2016, 11:30 a.m. (30 minutes)

Malicious advertising, A.K.A. malvertising, has evolved tremendously over the past few years to take a central place in some of today's largest web-based attacks. It is by far the tool of choice for attackers to reach the masses but also to target them with infinite precision and deliver such payloads as ransomware.

The complexity and layered structure of the ad industry has provided the perfect environment for rogue actors to game the system and create long lasting campaigns that go almost unnoticed. Indeed, by using a combination of social engineering and technical tricks, fraudulent advertisers are able to enter ad platforms and hide their malicious payloads so that traditional scanners are rendered useless.

In this paper, we will provide an overview of the ad industry's core concepts (programmatic, RTB, CPM) that are necessary to understand how and why online criminals are able to leverage the system to their advantage. We will also look into how rogue advertisers are able to defeat security screening both by creating fake identities and deploying advanced techniques to conceal malicious code from prying eyes.

While the debate about ad blockers rages, malvertising will continue to make headlines for the foreseeable future and this is why it is important to stay up to speed with its latest practices.

Presenters:

• Chris Boyd - Malwarebytes
  Chris Boyd Chris is a multiple recipient of the Microsoft MVP in Consumer Security and former Director of Research for FaceTime Security Labs. He has presented at RSA, Rootcon and SecTor, and has been thanked by Google for his contributions to responsible disclosure in their Hall of Fame. Chris has been credited with finding the first rootkit in an IM hijack, the first rogue web browser installing without consent, and the first DIY Twitter botnet kit. @paperghost
• Jérôme Segura - Malwarebytes
  Jérôme Segura Jérôme is Lead Malware Intelligence Analyst at Malwarebytes. He has over 10 years' experience in information security and his specialities are malvertising, exploit kits, and malware analysis. Other professional accomplishments include building honeypots to capture drive-by download attacks and for a short while diving into server-side security, by cleaning up and hardening hacked websites. As part of his online investigations, he regularly collaborates with other industry members to report malicious activity and share threat intelligence. Finally, he has a special interest in identifying scams and has worked with the FTC as an expert witness to take down tech support scammers after getting personally bothered by some. @jeromesegura

Links:

• https://www.virusbulletin.com/conference/vb2016/abstracts/uncovering-secrets-malvertising
• https://www.virusbulletin.com/uploads/pdf/conference_slides/2016/Segura_Boyd-vb-2016-malvertising.pdf

Similar Presentations:

• VB2016 / The Good, The bad & The Ugly: The Advertiser, the Bot & the Traffic Broker
• DEF CON 23 (2015) / The Bieber Project: Ad Tech 101, Fake Fans and Adventures in Buying Internet Traffic
• ToorCon San Diego 19 (2017) / False Advertising: How Modern Ad Platforms Can Be Used for Targeted Exploitation