And You Thought Online Ads Were Just About Marketing...You were right when you thought online ads were about selling something, you just didn't know that they were about selling you. We first touched on this phenomena back in 2013, when we pioneered research into the use of online ads by cybercriminals for nefarious purposes with the release of our report "Marketing Cybercrime to Infect America." In this report we summarized the results of our research into the darker side of online ads, describing how cybercriminals use the online ad networks to gain footholds into millions of computers around the world, simply by displaying an online ad (no click necessary). For some it was a matter of remotely turning on computer microphones or video cameras, but online ads quickly became vehicles for injecting malware, remotely taking over computers and stealing information. A big part of the problem is how the ad networks implement their online ads. Online ads used to be (long, long, long ago) simple, clickable images placed on a webpage and simply browsing a page with the image on it had no impact. Fast forward to today and we have website owners that have no idea what ads show on their webpages and have given the ad networks the ability to inject programming code into their websites. If they even give it a thought, the website owner may hope that the code injected is innocuous, but they have no control over it. The code so injected is not from the ad networks, rather, the ad network sells the ad space to anyone who pays. "Selling ad space" sounds innocuous, but in this case, it means that whoever has the means to pay can provide whatever software code they wish to be injected into their purchased ad space, with the result that you may have websites unknowingly providing malware from all over the world, a little bit at a time. In order to give advertisers more flexibility, the structure of today's online ad networks have created a direct pathway from the advertiser to your computer, bypassing the actual website owner. The website owners have no way to police or even know what ad content is running on the ad channels on their webpages. This all has huge implications for your privacy, but it goes beyond that. Back in 2013 we observed online ads used to inject software code that remotely turned on video cameras and microphones and many other things besides. While you may think privacy is a thing of the past and not care about such things, tracking is not something to be taken lightly. By tracking someone over time, the one doing the tracking is able to develop a lot of knowledge about that person, which can be used for very nefarious purposes, especially when combined with the channel already built into their computer through the online ads. The only way to combat the insidious nature of online ads is to avoid them. And we don't mean by boycotting the Internet or any other such drastic steps. The online ads are not coming from the websites you wish to visit. As mentioned above, the websites are merely vehicles through which to load the ads into your browser, but other than that there is no instrinsic connection between the two. Blocking the source for the online ads' software code blocks the ads, but not the website on which the ads are placed and the website does not need the code from the online ads in order to function. When you block the source of the ads through LAD's LateralDNS, to your browser it simply appears that the source of the ads is temporarily unavailable, so there is nothing available to load and nothing available to compromise you or your computer's security, privacy or peace of mind.
|