
Hacking America: Beware of malicious ads that can harm computers without a click

Posted by Jennifer Schlesinger | @jennyanne211 on Sunday, May 25, 2014 Under: 848FINACE

Ads with malicious code embedded, known as "malvertising," can breach your computer without you even clicking on a link. CNBC's Scott Cohn reports.

You've been told repeatedly not to click on suspicious links, to prevent your computer from being infected with malware and viruses. But there's a threat you've probably never heard of that can infect your computer—even without a single click. And lawmakers are taking notice.

Experts told CNBC that advertisements on sites can be used by cybercriminals to take over your computer, steal your identity or access your online bank account. Websites are working to stop the problem, but these aggressive ads still slip by with damaging code. Malicious ads of this kind, known as malvertisements, contain malware or embedded viruses, which can infect computers without a single click.

"We estimate that last year over 12.4 billion malicious ad impressions were served," said Craig Spiezle, executive director and president of Online Trust Alliance, a nonprofit that educates businesses and consumers on security and privacy issues.

Such ad impressions can compromise your computer if your browser has insecure privacy settings, said Curt Wilson, a senior research analyst at cybersecurity company Arbor Networks.

Spiezle testified at a May 15 Senate hearing on malvertising. He told the Senate subcommittee on investigations that malicious ads increased 225 percent between 2012 and 2013, though some tech companies disputed the increase.


Malvertisements on big sites

During the hearing, lawmakers cited recent examples of malicious ads reaching consumers. Spiezle said many large companies have faced malvertising attacks.

"In February of this year, an engineer at a security firm discovered that advertisements on YouTube served by Google's ad network delivered malware to visitors' computers. … That virus was designed to break into consumers' bank accounts and transfer funds to cybercriminals," said Sen. John McCain, R-Ariz.

YouTube is owned by Google. And in a statement sent by e-mail, a Google spokesman said, "In February, we detected ads on YouTube that violated our advertising policies. We have zero tolerance for these incidents and our teams quickly took the appropriate actions to resolve this issue."

And according to Google's blog, Google removed 350 million bad ads in 2013, including disabling ads from more than 400,000 websites that were hiding malware.

In written testimony, Yahoo said it "has built a highly sophisticated ad quality pipeline to weed out advertising that does not meet our content, privacy or security standards."


Cybercriminal tactics


According to lawmakers, many of the malvertising attacks can be traced to international cybercriminals, including those in Russia.

"When law enforcement raided the hideout of a Russian cybercriminal network, they found calendars marked extensively with U.S. federal holidays and three-day weekends," McCain said. "These cybercriminals were not planning Fourth of July picnics, of course, they were planning to initiate malware attacks when security staffing at the ad networks would be at their lowest."

Last holiday season, cybercriminals were able to put malicious ads on Yahoo. McCain said the ads were designed to seize users' computers to mine for the digital currency bitcoin, which requires large amounts of computer power.

"In just one day, in just one hour, 300,000 users were exposed to a malicious ad of which 9 percent or 27,000 users were compromised," Spiezle said about the Yahoo incident.

In a statement e-mailed to CNBC, a Yahoo spokeswoman said the ad targeted I.P. addresses in the European Union. "Since then we have expanded our testing program to include greater geographic and technological diversity and mitigate this kind of spoofing," she said.


The growing complexity of ad networks

One reason for malvertisements is that Web ad networks have gotten more complex. A single ad can go through as many as six intermediaries before reaching websites it appears on, according to Spiezle.

"You have this very complex ecosystem and it was designed to be very efficient, which it is. It's designed to help provide very relevant advertising for the consumer, which it achieves, but also in all the benefits, it's opened its door to be an easy way for cybercriminals to compromise," Spiezle said.


Protect yourself from malvertising


To help fight the problem, the industry has established TrustinAds.org. The group, started on May 8, offers consumers information on how to report malicious ads.

You can also file complaints with the Federal Trade Commission at ftc.gov/complaint. The FTC has brought legal actions for malvertising.

To protect yourself ahead of time, experts advise installing browser and operating system updates. These patches often contain critical updates that can stop the malware hidden in ads.

In addition, be sure to check your browser's privacy settings. If you automatically accept all cookies, you could be at risk.

Finally, make sure your antivirus and antimalware software is up to date. This software can find the malware before it has a chance to do damage.


By CNBC's Jennifer Schlesinger.

For more CNBC coverage of cybersecurity, visit HackingAmerica.cnbc.com.

Jennifer Schlesinger, Associate Producer
