Fake ad consortium generated 1 billion malvertising impressions last year

Zirconium, a group of 28 fake ad agencies, has been exposed by security researchers from Confiant. They built business relationships with 16 ad platforms and generated a billion impressions (ad views), showing among other things fake software update requests and all sorts of tech support scam.

Tech support scam is represented with pop-up windows that warn users about some trouble with their computer. After clicking on a support contact link or an antivirus download button, the user receives a piece of malware that can steal passwords, credit card numbers and other data.

Out of the sample of 600 ad-monetized websites, 62% had Zirconium’s malvertising during a test week in December of 2017. The operating units of Zirconium had been disguised as small advertising agencies, with corporate websites, "team’s" photos from clipart stores, Facebook and Twitter accounts with machine-generated content. Each had "an independent infrastructure, from hosting to SSL servers to domain registration. Ad serving code is unique to each fake company", Confiant reports.

Zirconium spent about $220 000 on ads. It is hard to tell how much money they have earned, but Confiant’s analytics estimate that about 5% of ads generated payload triggers, which gives us about 2,5 million victims. A payload trigger is an action that activates a malicious software. Malvertising is one of the fastest growing threats on the Web now. It had risen 132% in 2016 over 2015, as RiskIQ reported.

Ludmila Kudryavtseva on Industry News
January 30, 2018
Comments are powered by Disqus. By downloading the comments you agree the terms and policies of Disqus
Nowhere to run, nowhere to hide: cryptojacking now on Youtube

A video streaming service is a perfect place to launch a cryptojacking script. Users watch videos, and their computers are busy mining cryptocurrencies for the script’s owner. Youtube is a video platform with a huge audience, but unfortunately its owner Google is too selfish to let anyone run a mining script there.

But it lets people run ads inside Youtube videos!

The Year 2017 in Ad Blocking

The year 2017 was a tough one for privacy protection and ad blocking apps, but a good one for their users. But any paradox seen here is illusory.

It was back in 2016 that the ad and marketing industries acknowledged the impending crisis. Ad-blocking growth statistics created great concern for many advertisers and publishers. Extrapolations showed that in a year or two almost nobody would see ads. Advertisers got ready to sell their lives at a high price. That was the year that ad reinsertion startup companies like PageFair, Admiral, Sourcepoint, Secret Media propagated, offering technologies to push ads through ad blockers.

It also was the year when the Coalition for Better Ads emerged.