Web

Realtor.com the latest victim of malvertising plague

malvertising realtor com malware
Andrey_Popov/Shutterstock
It’s not a new threat on the scene, but it’s still dangerous — and malvertising on the web is on the rise.

Malvertising is the spread of malware through online advertising, and it’s pretty ugly. It’s especially prescient as ads on the web have been challenged by a number of technical factors in browsers, the progressive changeover to HTML5 from Flash technology, and the emergence of app blockers in places like the Apple App Store.

In recent years, the spread of malware transmitted through ads has grown exponentially, by some estimates quadrupling in size from year to year. The threat is major, and with every malvertising infection, the potential for hackers to execute arbitrary code on a base of infected computers increases. The scale and sophistication of attacks continues to march on, and much of the response has hinged on fighting fires as outbreaks pop up. Some worry that this explosion will change the very nature of advertising networks and how we view ads on the web.

A plague is out there

An ugly malvertising campaign on the website Realtor.com last week exploited unpatched systems, and this particular campaign is especially worrisome for one reason: It’s the latest in a string of attacks that don’t even require your click on a bogus advertisement to trigger an infection. Realtor.com gets an estimated 30 million visits a month, which means as many as a million people may have been exposed to the malware in a single day. According to the MalwareBytes blog, the payload in this case appeared to be the Bedep Trojan, which can hijack browsers and install ransomware. Yahoo, Forbes, YouTube, and other major websites join a lengthy list of companies that have been affected by these ads.

realtor_flow
MalwareBytes
MalwareBytes

Follow the flow this diagram and you’ll witness the appeal of spreading malware through these means. By all measurable information, the campaigns appear compelling and profitable — that’s why we’re seeing such see a concerted effort to produce convincing advertisements with products that appear genuine. The black market for the zero-day vulnerabilities implemented in these malvertising attacks also indicates investment and effort. The very placement of ads also incurs an operational cost.

Targeted infections

It’s also interesting to consider that the very same base of information that makes advertising targeted and personal has become the target for spreading specific malware. The parties behind this surge in malvertising have targeted ad networks and websites so far. It may be a matter of time only before they micro-target certain individuals within an organization or within government through these innovative techniques. Cyber security usually boils down to a race to find the point of least resistance — and the latest front may very well be malvertising.

The best way to deal with these threats is to keep your browser, plugins, and operating systems up to date. Always use an anti-virus product to protect your systems, and when required, use a malware tool to perform cleanups. let’s be safe out there, everyone.

Emerging Tech

Death from above? How we’re preparing for a future filled with weaponized drones

Drones are beginning to enable everything from search & rescue, to the delivery of medicines to hard-to-reach places. But they are also being used as cheap, and deadly flying bombs. How can we defend ourselves?
Smart Home

Facebook’s new Portal device can collect your data to target your ads

Facebook confirmed that its new Portal smart displays, designed to enable Messenger-enabled video calls, technically have the capability to gather data on users via the camera and mic onboard.
Gaming

What you should know about 'Red Dead Redemption 2' before it launches

The long-awaited (and long-rumored) sequel to Rockstar Games' Red Dead Redemption is confirmed. Red Dead Redemption 2 will arrive next spring. Here's everything we've heard about the game so far.
Computing

Your ‘Do Not Track’ tool might be helping websites track you, study says

New research from the "Do Not Track" features embedded in popular browsers are being ignored, opening up the possibility of consumers having their information targeted by specific ads based on their web histories and cookies. 
Computing

Here's how to download a YouTube video to watch offline later

Learning how to download YouTube videos is easier than you might think. There are plenty of great tools you can use, both online and offline. These are our favorites and a step by step guide on how to use them.
Cars

Carbuying can be exhausting: Here are the best used car websites to make it easier

Shopping for a used car isn't easy, especially when the salesman is looking to make a quick sale. Thankfully, there are plenty of sites aimed at the prospective buyer, whether you're looking for a sedan or a newfangled hybrid.
Social Media

YouTube is back after crashing for users around the world

It's rare to see YouTube suffer serious issues, but the site went down around the world for a period of time on October 16. It's back now, and we can confirm it's loading normally on desktop and mobile.
Computing

How to recover Google contacts

If you accidentally deleted an important person from your Google Contacts, they might not be lost forever. Recovering them is a fairly easy process -- as long as you do it quickly. Here's how.
Computing

Afraid that Bitcoin could be a bubble? Here's how to sell what you've got

If you're investing in cryptocurrencies, it's important to have your exit strategy in place if prices start to crash. If you've decided it's time to get out or just want to learn how to sell Bitcoins, here's how to get started.
Computing

Don't take your ISP's word for it: Here's how to test your internet speed

If you're worried that you aren't getting the most from your internet package, speed tests are a great way to find out what your real connection is capable of. Here are the best internet speed tests available today.
Web

Feed your fandom: These are the best YouTube channels for sports lovers

If you're a cable cutter who still wants to enjoy quality sports highlights and analysis, YouTube is the place to go. There are plenty of great sports-centric channels on YouTube, each of which provides great highlights and top-shelf…
Computing

Chrome 70 is now available and won’t automatically log you in to the browser

Google has officially launched Chrome version 70 on Windows Mac and Linux. The update introduces some new Progressive Web App integrations on Windows 10 and also tweaks the much controversial auto login with Google Account feature.
Smart Home

Here’s everything you need to know about Amazon Prime Pantry

The marvels of the Internet have made it possible to do all your shopping from the comfort of your living room. Amazon Prime Pantry allows you to buy groceries and household items online. Here's more info about the service.
Social Media

Grow your Twitter audience overnight with these simple tips and tricks

Using Twitter can be intimidating, but these tips will help you feel less inadequate when you look at your follower count. As long as you use a bit of moderation, you'll soon be one step closer to social media fame.