Flash banners are increasingly used to infect internet users with malware, according to the digital security company Bromium. The flash banners have become so popular with cybercriminals that they have the potential to replace the more complicated hacking of websites and placing exploit kits.
Advertisements containing malicious code and displayed on popular and frequently visited websites have existed for years already. When the malicious code is executed it loads an exploit that makes use of known vulnerabilities in unpatched browsers and browser plugins. Especially flash banners are heavily exploited by cybercriminals, according to the researchers.
Once an user is infected with an exploit the PC can be used to send spam, launch other attacks from or cybercriminals can try to steal banking and/or confidential information from the PC.
"The most dangerous online advertisement is a flash banner", they state in their research report. According to statistics more than 1 billion internet users have Adobe Flash Player installed on their computer. "The danger of Flash redirects is that they don't necessarily cause harm and therefore are hard to detect and block".
The researchers also report that advertising networks can replace exploit kits uploaded to hacked web servers. Using advertising networks is easier and more convenient for the cybercriminals and the researchers consider it a real possibility that full-fletched exploit kits will be distributed with malicious banners.
To decrease the risk of malvertising, as spreading malware through advertisements is called, currently used protection methods are not sufficient, according to the report. Due to the magnitude of online advertising it's hopless to check all advertisements on malware. Also, many virus scanners are unable to detect malicious flash code.
A possible solution is to install an adblocker on a PC, but the researchers state that it's harmful for publishers and online services that are dependent on advertising revenues. The recommended solution will be detecting and blocking exploits and keeping software up to date.
