The Channel logo


By | Darren Pauli 13th August 2015 02:40

Malvertising set to wreak one BEELLION dollars in damage this year

On the upside, the ROI is amazing if you've an appetite for risky investments

Records have fallen as malvertising clocked its most prolific month in history, making it one of the biggest threats to endpoint security.

If the scourge continues, criminals will have inflicted a billion dollars in damages by the end of the year from a paltry US$12,000 investment, according to researchers at security firm Invincea.

In this threat report [PDF], the firm says it blocked some 2100 malvertising attacks against its customers.

It says the attacks represent 2.1 million malicious advertisements purchased by maldoers.

"June was by far the worst month on record for malvertising – likely due to the multiple Flash zero-day exploits that were integrated into exploit kits used to host fraudulent ads that month", the report says.

"At an industry average price of approximately US$2.90 per thousand online ads, malicious actors were able to inflict more than half a billion dollars of damage for a mere US$6,000 in advertising spend.

"On an annualised basis, the malvertising campaigns Invincea observed generate more than $1 billion in damage per year."

Malvertising is the vector by which threats like ransomware, click-fraud botnets, and banking trojans such as Zbot are delivered.

Researchers also found an upswing in just-in-time malware in which the malicious executable is assembled on a target's machine rather than beforehand in a bid to evade whitelists and network sandbox analysis.


How JIT malware assembly works.

The just-in-time technique works with an exploit targeting the likes of Adobe Flash or Office wares and employs tools such as powershell, host scripting, and VBScript assembly. It can run from disk as an executable or within memory.

"Threat actors are now having great success in evading network sandbox, IDS, and traditional endpoint security solutions with this multi-stage delivery assembly approach," boffins say.

Weaponised Office documents are also within the top threat vectors so far this year which have become plug-and-play thanks in part to oft-reused VB scripts. ®

comment icon Read 4 comments on this article or post a comment alert Send corrections


Frank Jennings

What do you do? Use manual typwriters or live in a Scottish croft? Our man advises
A rusty petrol pump at an abandoned gas station. Pic by Silvia B. Jakiello via shutterstock

Trevor Pott

Among other things, Active Directory needs an overhaul
Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella


League of gentlemen poster - Tubbs and Edward at the local shop. Copyright BBC
One reselling man tells his tale of woe