Skip to main content

Realtor.com the latest victim of malvertising plague

malvertising realtor com malware
Andrey_Popov/Shutterstock
It’s not a new threat on the scene, but it’s still dangerous — and malvertising on the web is on the rise.

Malvertising is the spread of malware through online advertising, and it’s pretty ugly. It’s especially prescient as ads on the web have been challenged by a number of technical factors in browsers, the progressive changeover to HTML5 from Flash technology, and the emergence of app blockers in places like the Apple App Store.

In recent years, the spread of malware transmitted through ads has grown exponentially, by some estimates quadrupling in size from year to year. The threat is major, and with every malvertising infection, the potential for hackers to execute arbitrary code on a base of infected computers increases. The scale and sophistication of attacks continues to march on, and much of the response has hinged on fighting fires as outbreaks pop up. Some worry that this explosion will change the very nature of advertising networks and how we view ads on the web.

A plague is out there

An ugly malvertising campaign on the website Realtor.com last week exploited unpatched systems, and this particular campaign is especially worrisome for one reason: It’s the latest in a string of attacks that don’t even require your click on a bogus advertisement to trigger an infection. Realtor.com gets an estimated 30 million visits a month, which means as many as a million people may have been exposed to the malware in a single day. According to the MalwareBytes blog, the payload in this case appeared to be the Bedep Trojan, which can hijack browsers and install ransomware. Yahoo, Forbes, YouTube, and other major websites join a lengthy list of companies that have been affected by these ads.

realtor_flow
MalwareBytes
MalwareBytes

Follow the flow this diagram and you’ll witness the appeal of spreading malware through these means. By all measurable information, the campaigns appear compelling and profitable — that’s why we’re seeing such see a concerted effort to produce convincing advertisements with products that appear genuine. The black market for the zero-day vulnerabilities implemented in these malvertising attacks also indicates investment and effort. The very placement of ads also incurs an operational cost.

Targeted infections

It’s also interesting to consider that the very same base of information that makes advertising targeted and personal has become the target for spreading specific malware. The parties behind this surge in malvertising have targeted ad networks and websites so far. It may be a matter of time only before they micro-target certain individuals within an organization or within government through these innovative techniques. Cyber security usually boils down to a race to find the point of least resistance — and the latest front may very well be malvertising.

The best way to deal with these threats is to keep your browser, plugins, and operating systems up to date. Always use an anti-virus product to protect your systems, and when required, use a malware tool to perform cleanups. let’s be safe out there, everyone.

Editors' Recommendations

12 high-profile tech opportunities for those job hunting
A person using the ZipRecruiter mobile app on a smartphone.

This content was produced in partnership with ZipRecruiter.
Are you an aspiring or experienced tech professional looking to start the new year with a new job? Job search sites, such as ZipRecruiter, have all the tools you need to explore the most high-paying tech jobs currently available, whether you're seeking to enter or advance in the tech industry. From data scientists to software developers, these positions offer challenges and opportunities to work with up-and-coming and market-leading technology companies. Whether you're just starting out in your tech career or are an experienced professional looking to take the next step up the ladder, these high-profile tech opportunities are sure to pique your interest. If you're ready to dive in and explore the top tech opportunities, read on to see what's available.

 
Software Developer - Average Salary $110,000
As a software dev, you will be designing, developing, and maintaining applications for computer and mobile platforms. This can involve writing code in various programming languages, such as C++, Java, or Python, and using frameworks and libraries to build efficient and scalable software systems. You may also work with databases, version control systems, and collaboration tools to manage and track code changes. Some responsibilities of a software developer include collaborating with a team to design and ship new features, identifying and fixing bugs in existing software, maintaining and improving applications, designing and implementing software tests and debugging processes, and participating in code reviews to ensure quality and compliance with standards.

Read more
What to expect at CES 2023, from mondo TVs to EVs
The futuristic Aska eVTOL quadcopter will take off and land vertically, like a drone.

Break out the champagne and roll out the red carpets, CES is back! After two rough, COVID-addled years that saw the world’s greatest tech show reduced to a shell of its former self, the show is primed to spring back to its former glory for 2023. And our team of writers and editors will be on the ground in Las Vegas, bringing it all to you.

But much has changed since the last “normal” CES of 2020. The economy has boomed and busted, supply chains have knotted, and attitudes over excess have shifted as climate change looms larger and larger in our global conversation. And as always, the tech itself has marched forward, rising to the challenges of our new post-COVID lives.

Read more
Google is now supporting my awful browser habits, and I love it
Google Chrome opened on a laptop.

Google has just released a new update for Chrome, and it could be a real timesaver if you're anything like me.

I have some pretty bad habits when it comes to how I use my browsers, and instead of forcing me to improve, Google is supporting me. Needless to say, I love it.

Read more