Zirconium, a group of 28 fake ad agencies, has been exposed by security researchers from Confiant. The fake agencies built business relationships with 16 ad platforms and generated a billion impressions (ad views), showing, among other things, fake software update requests and all sorts of tech support scams.
A tech support scam takes the form of pop-up windows that warn users about some trouble with their computer. After clicking on a support contact link or an antivirus download button, the user receives a piece of malware that can steal passwords, credit card numbers and other data.
Out of a sample of 600 ad-monetized websites, 62% carried Zirconium’s malvertising during a test week in December 2017. Zirconium’s operating units were disguised as small advertising agencies, with corporate websites, "team" photos from clipart stores, and Facebook and Twitter accounts filled with machine-generated content. Each had "an independent infrastructure, from hosting to SSL servers to domain registration. Ad serving code is unique to each fake company", Confiant reports.
Zirconium spent about $220,000 on ads. It is hard to tell how much money the group has earned, but Confiant’s analytics estimate that about 5% of ads generated payload triggers, which gives us about 2.5 million victims. A payload trigger is an action that activates malicious software. Malvertising is now one of the fastest growing threats on the Web. It rose 132% in 2016 over 2015, as RiskIQ reported.