Security is a topic we have had to cover a lot over the last few years; certainly a lot more than we would have wanted. Malware has become a big part of the security issues: whether it be Chrome or Android being easy targets, or child porn ransomware, malware is almost everywhere. One thing we have been able to count on is being secure on top-tier websites.
Ad platforms can be a source of revenue for these sites, but it turns out, if you're not careful, they can be a source of disaster, as well. Major sites recently had malicious ads served by their ad services, damaging customers' computers and their brand's reputation. Included in the sites that got hit were AOL, Match.com and Yahoo.
The ads were incredibly deceptive, because they stole creative from actual advertisers, including Bing and Case Logic, two well-known and respected brands on the web. To see an ad from either of these companies would not be a surprise. Unfortunately, a person who clicked did not land on a normal website on the other end, but instead received ransomware.
Ransomware locks your computer, or just a collection of files, and asks for money to unlock said files. The money is transferred in Bitcoin, making it difficult or impossible to trace. Because of this, it is a very effective way of extorting money out of unsuspecting people. The ability to trick people into downloading the ransomware from top-tier websites adds a lot to the scam.
A couple of things need to come from this. First, as a web user, be very careful what you click on. Just because it is an ad for Bing on Match.com does not mean that Bing is on the other side of the ad. Also, when you get there, don't download anything that it encourages you to download. Bing is never going to download something for you, period.
Second, publishers need to be careful what ads they allow on their sites, and even more careful what ad platforms they allow ads to come from. Google AdSense, LinkShare and Commission Junction are safe ad platforms; the same cannot be said of anyone else. Even then, these platforms can be tricked into serving ads from scam groups.
This leads into the third point, aimed at the ad platforms themselves: they must be more vigilant in protecting the end customers. Ads like these never should have been allowed in the first place. If the check doesn't come from Microsoft, the ad should not say Bing. If these platforms know the ad is fake, they should not accept the payment and should not serve the ad.
Hopefully this issue will bring about a positive change: a lot more thought put into the Internet's advertising world, for the users, publishers and ad platforms.