
==============FULL ARTICLE FROM LASTLINE===================
Last week at IMC Vancouver 2014, cyber-security researcher Apostolis Zarras of Ruhr-University Bochum presented a research paper entitled “The Dark Alleys of Madison Avenue, Understanding Malicious Advertisements” that he co-authored along with other researchers including my fellow Lastline co-founder Christopher Kruegel and myself. For this paper, we performed the first large-scale study of ad networks that serve malicious ads or “malvertising”, investigating the safety of 600,000 ads on 40,000 websites. Our research revealed the widespread and presumably uninvited distribution of malware through online ad networks. To detect malicious behavior in ads we used Wepawet, a honeyclient developed at UCSB that uses an emulated browser to capture the execution of JavaScript to identify signs of maliciousness such as drive-by-download attacks. (Side note: Wepawet celebrates its 6th birthday this Friday, November 14.)

The malicious 1% of ads served
Ultimately, we measured that on average 1% of served ads were conduits for malware. When multiplied by the millions of ads served every day, that is a sizeable number. Interestingly, entertainment and news websites hosted more malvertising than adult websites. This widespread proliferation of malvertising through unsecured or undersecured ad networks on mainstream websites is a serious threat to both Internet users and the Internet economy. Below, we provide some statistics generated from what we observed. A few caveats are necessary. First of all, this data reflects a specific window of time. When malware and cybercrime are involved, things change fast, as the miscreants try to avoid being detected and blocked. Second, our “oracle” (i.e., the tool which indicates whether an ad is associated with malware or not) is Wepawet, which is a good system, but not a perfect one. Therefore, both false positives and false negatives are possible, even though we have tried to aggressively minimize our false positives, at the cost of some false negatives. This means that these results represent a “lower bound” on the phenomenon (in layman’s terms: things are probably worse than we report here).

Which ad networks have the most malvertising?
We crunched some numbers from the data sets from the study and have identified the top 10 dirtiest and cleanest ad networks, based on the proportion of malicious vs. benign ads served. As you’ll see in the charts below, six ad networks tied for “cleanest” with 100% benign ads served and 0% malvertising for the duration of the study: AdRoll.com, AdFox.ru, 24-Ads.com, Adscale.de, Pixfuture.net and RedIntelligence.net. CPMStar.com, Doubleclick.net, Adition.com and Amgdgt.com round out this list of cleanest ad networks.
