

Malicious ads have plagued the internet almost from the beginning, and it does not look like they are getting any better. In fact, they may even be getting worse.
Confiant Inc., a company that provides security tools for online ads, revealed in a report today that it uncovered a large malicious advertising operation that bought an estimated 1 billion ad views in 2017.
A group that Confiant dubbed “Zirconium” operated the campaign through a network of at least 28 fake ad agencies, which ran malicious ads that reached 62 percent of ad-supported websites each week.
According to Jerome Dangu, co-founder and chief technology officer at Confiant, Zirconium’s ads commonly relied on forced redirects that take control of a user’s browser to send them to a different website. Dangu explained that Zirconium created a “chain of redirection” that passes users between several different domains, generating traffic for each site before it finally drops them on a page with a malware scam.
“Supply [of user traffic] is brought in by the fake agencies, establishing relationships with legitimate ad platforms and buying traffic,” said Dangu. “Having multiple relationships makes the operation more robust (in case an agency gets caught) and stealthier — as each agency poses as a long-tail small business agency and buys small amounts at a time.”
Dangu added that Zirconium did not directly operate its own landing pages, but rather it resold traffic to affiliate marketing platforms. These included Voluum and AdSupply, two platforms that Dangu said are “known for their leniency toward malicious campaigns.”
Zirconium’s chain of redirects started with Beginads, which acted as a central gateway for all of the group’s fake agencies. The traffic then moved through another Zirconium-owned site called MyAdsBro. Other groups could also direct traffic through MyAdsBro, which would supposedly pay out a commission in cryptocurrency. “Going as far as to build a black-hat affiliate network shows the level of sophistication that they reached in their operations,” said Dangu.
According to Confiant, Zirconium went to great lengths to make its fake agencies appear legitimate. The group created LinkedIn personas for fake chief executives, used stock images for company photos, posted machine-generated content to social media and more. Zirconium even used separate infrastructure for each agency to ensure that they didn’t share the same hosting or domain registration services.
Dangu noted that Google Chrome will soon block forced redirects, which will make Zirconium’s methods much less effective. But he added, “They’ve already proven their adaptability and this will shift their efforts to some new threat vectors.”