UPDATED 12:52 EST / JANUARY 23 2018


One group’s malicious ads racked up 1B views in 2017

Malicious ads have plagued the internet almost from the beginning, and it does not look like they are getting any better. In fact, they may even be getting worse.

Confiant Inc., a company that provides security tools for online ads, revealed in a report today that it uncovered a large malicious advertising operation that bought an estimated 1 billion ad views in 2017.

A group that Confiant dubbed “Zirconium” operated the campaign through a network of at least 28 fake ad agencies, which ran malicious ads that reached 62 percent of ad-supported websites each week.

According to Jerome Dangu, co-founder and chief technology officer at Confiant, Zirconium’s ads commonly relied on forced redirects that take control of a user’s browser to send them to a different website. Dangu explained that Zirconium created a “chain of redirection” that passes users between several different domains, generating traffic for each site before it finally drops them on a page with a malware scam.

“Supply [of user traffic] is brought in by the fake agencies, establishing relationships with legitimate ad platforms and buying traffic,” said Dangu. “Having multiple relationships makes the operation more robust (in case an agency gets caught) and stealthier — as each agency poses as a long-tail small business agency and buys small amounts at a time.”

Dangu added that Zirconium did not directly operate its own landing pages, but rather it resold traffic to affiliate marketing platforms. These included Voluum and AdSupply, two platforms that Dangu said are “known for their leniency toward malicious campaigns.”

Zirconium’s chain of redirects started with Beginads, which acted as a central gateway for all of the group’s fake agencies. The traffic then moved through another Zirconium-owned site called MyAdsBro. Other groups could also direct traffic through MyAdsBro, which would supposedly pay out a commission in cryptocurrency. “Going as far as to build a black-hat affiliate network shows the level of sophistication that they reached in their operations,” said Dangu.

According to Confiant, Zirconium went to great lengths to make its fake agencies appear legitimate. The group created LinkedIn personas for fake chief executives, used stock images for company photos, posted machine-generated content to social media and more. Zirconium even used separate infrastructures for the agencies to ensure that they didn’t use the same hosting or domain registration services.

Dangu noted that Google Chrome will soon block forced redirects, which will make Zirconium’s methods much less effective. But he added, “They’ve already proven their adaptability and this will shift their efforts to some new threat vectors.”

Photo: Confiant
