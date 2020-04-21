from the fighting-for-eyeballs-gets-dirty dept.
Millions of web surfers are being targeted by a single malvertising group:
Infiltrating the ad ecosystem by posing as a legitimate buyer requires resources. For one, scammers must invest time learning how the market works and then creating an entity that has a trustworthy reputation. The approach also requires paying money to buy space for the malicious ads to run. That's not the technique used by a malvertising group that security firm Confiant calls Tag Barnakle.
"Tag Barnakle, on the other hand, is able to bypass this initial hurdle completely by going straight for the jugular—mass compromise of ad serving infrastructure," Confiant researcher Eliya Stein wrote in a blog post published Monday. "Likely, they're also able to boast an ROI [return on investment] that would eclipse their rivals as they don't need to spend a dime to run ad campaigns."
Over the past year, Tag Barnakle has infected more than 120 servers running Revive, an open source app for organizations that want to run their own ad server rather than relying on a third-party service. The 120 figure is twice the number of infected Revive servers Confiant found last year.
Once it has compromised an ad server, Tag Barnakle loads a malicious payload on it. To evade detection, the group uses client-side fingerprinting to ensure only a small number of the most attractive targets receive the malicious ads. The servers that deliver a secondary payload to those targets also use cloaking techniques to ensure that they also fly under the radar.
(Score: 2) by progo on Tuesday April 20, @04:08PM (1 child)
When a blog post has a static text box inserted into it saying "Buy Raycon ear buds because they will help you achieve nirvana", or when a vlog has the presenter read the same message, this is fine. This is how mass advertising is supposed to work, and I'm pretty sure the likes of uBlock Origin don't even try to block it. The advertiser makes a deal with a publisher/broadcaster because the advertiser likes this publisher's audience. The publisher passes the paid message on to the readers/viewers.
Never forget that the adtech crap in this story today has always been compromised by lies and empty b2b promises among so many layers of middlemen that no one has any idea what's going on. If you don't use an ad blocker like uBlock Origin, you are practicing bad system security.
(Score: 1, Insightful) by Anonymous Coward on Tuesday April 20, @04:36PM
"Legitimate" ad companies also have historical overlap with malware devs (see CoolWebSearch). There was (is?) a revolving door between the two "scenes." They can cry "compromised" as much as they want, with the people involved a "compromise" could amount to "these guys handed us a big bag of money, and we sure love money, yes we do." People shouldn't make the mistake that incompetence and malice are mutually exclusive qualities.
(Score: 0) by Anonymous Coward on Tuesday April 20, @05:00PM
You know, if we stopped adding crap to the HTML standard (mostly for advertisers anyway?), we would not need to worry so much about browser exploits and could click on any link presented.
Keep adding stuff to the browser to overload the small, less-funded alternative browser makers whilst securing enough funding through advertisers for your own browser, and soon enough you will have the "de facto" browser ... and then, maybe, the worm turns and the next "victim" will be the people that initially provided the funding.
In this story there is likely to be a 3rd player (see original story).