107.9FM NYJ/LA

Translate This Page

Hacking America:Beware of malicious ads that can harm computers without a click

Posted by Jennifer Schlesinger | @jennyanne211 on Sunday, May 25, 2014 Under: 848FINACE


Ads with malicious code embedded, known as "malvertising," can breach your computer without you even clicking on a link. CNBC's Scott Cohn reports.

You've been told repeatedly not to click on suspicious links, to prevent your computer from being infected with malware and viruses. But there's a threat you've probably never heard of that can infect your computer—even without a single click. And lawmakers are taking notice.

Experts told CNBC that advertisements on sites can be used by cybercriminals to take over your computer, steal your identity or access your online bank account. Websites are working to stop the problem, but these aggressive ads still slip by with damaging code. This kind of malicious adknown as malvertisementscontain malware or embedded viruses, which can infect computers without a single click.

"We estimate that last year over 12.4 billion malicious ad impressions were served," said Craig Spiezle, executive director and president of Online Trust Alliance, a nonprofit that educates businesses and consumers on security and privacy issues.

Such ad impressions can compromise your computer if your browser has insecure privacy settings, said Curt Wilson, a senior research analyst at cybersecurity company Arbor Networks.

Spiezle testified at a May 15 Senate hearing on malvertising. He told the Senate subcommittee on investigations that malicious ads increased 225 percent between 2012 and 2013, though some tech companies disputed the increase.

Read MoreMistakes businesses are still making in cyberspace

Malvertisements on big sites

During the hearing, lawmakers cited recent examples of malicious ads reaching consumers. Spiezle said many large companies have faced malvertising attacks.

"In February of this year, an engineer at a security firm discovered that advertisements on YouTube served by Google's ad network delivered malware to visitor's computers. … That virus was designed to break into consumers' bank accounts and transfer funds to cybercriminals," said Sen. John McCain, R-Ariz.

YouTube is owned by Google. And in a statement sent by e-mail, a Google spokesman said, "In February, we detected ads on YouTube that violated our advertising policies. We have zero tolerance for these incidents and our teams quickly took the appropriate actions to resolve this issue."

And according to Google's blog, Google removed 350 million bad ads in 2013, including disabling ads from more than 400,000 websites that were hiding malware.

In written testimony, Yahoo said it "has built a highly sophisticated ad quality pipeline to weed out advertising that does not meet our content, privacy or security standards."

Read MoreLessons from Target's data breach fumble

Cybercriminal tactics

Smeel Photography | E+ | Getty Images

According to lawmakers, many of the malvertising attacks can be traced to international cybercriminals, including those in Russia.

"When law enforcement raided the hideout of a Russian cybercriminal network, they found calendars marked extensively with U.S. federal holidays and three-day weekends," McCain said. "These cybercriminals were not planning Fourth of July picnics, of course, they were planning to initiate malware attacks when security staffing at the ad networks would be at their lowest."

Last holiday season, cybercriminals were able to put malicious ads on Yahoo. McCain said the ads were designed to seize user's computers to mine for the digital currency bitcoin, which requires large amounts of computer power.

"In just one day, in just one hour, 300,000 users were exposed to a malicious ad of which 9 percent or 27,000 users were compromised," Spiezle said about the Yahoo incident.

In a statement e-mailed to CNBC, a Yahoo spokeswoman said the ad targeted I.P. addresses in the European Union. "Since then we have expanded our testing program to include greater geographic and technological diversity and mitigate this kind of spoofing," she said.

Read MoreHacker starts hedge fund targeting vulnerable companies

The growing complexity of ad networks

One reason for malvertisements is that Web ad networks have gotten more complex. A single ad can go through as many as six intermediaries before reaching websites it appears on, according to Spiezle.

"You have this very complex ecosystem and it was designed to be very efficient, which it is. It's designed to help provide very relevant advertising for the consumer, which it achieves, but also in all the benefits, it's opened its door to be an easy way for cybercriminals to compromise," Spiezle said.

Read MoreInternet ad spend up 32% as old media takes a hit

Protect yourself from malvertising







What bosses don't know about cybersecurity
Each company data breach costs $3.5 million on average. For corporates executives the consequences can be even more dire, potentially costing them their jobs. Yet,experts tell CNBC you'd be surprised at what the boss doesn't know. CNBC's Scott Cohn reports.

To help fight the problem, the industry has established TrustinAds.org. The group, started on May 8, offers consumers information on how to report malicious ads.

You can also file complaints with the Federal Trade Commission at ftc.gov/complaint. The FTC has brought legal actions for malvertising.

To protect yourself ahead of time, experts advise installing browser and operating system updates. These patches often contain critical updates that can stop the malware hidden in ads.

In addition, be sure to check your browser's privacy settings. If you automatically accept all cookies, you could be at risk.

Finally, make sure your antivirus and antimalware software is up to date. This software can find the malware before it has a chance to do damage.

Read MoreCybercriminals' new target? Your medical records

By CNBC's Jennifer Schlesinger.

For more CNBC coverage of cybersecurity, visit HackingAmerica.cnbc.com.

Jennifer SchlesingerAssociate Producer

In : 848FINACE 


Tags: jennifer schlesinger @jennyanne211 beware of malicious ads that can harm computers without a click hacking america 

Panerai Luminor "Blackseal" PAM76 Titanium Black & Silver dial 44mm Automatic wa

PANERAI WATCH
LUMINOR / Ref. PAM76
44mm, Titanium
W525050
Panerai Luminor "Blackseal" PAM76 Titanium Black & Silver dial 44mm Automatic watch
TRY IT ON
G&S Price: $22,000

SALE PRICE

$16,900 


    HOT 103.1 FM HOUSTON

    Fashion director finds. Everything our fashion office is obsessed with right now.

    Shop Janelles's finds


     
     
    E*TRADE from Morgan Stanley 
    View in browser   |   Log on
     
     
     
    Make the most of your cash in 2025
     
    Boost your earning power with a high-yield savings and bank certificate of deposit (CD) account.
    BANKING
     
    You’re already building your portfolio with E*TRADE from Morgan Stanley. Now, unlock more of your financial potential and open a high-yield bank account from Morgan Stanley Private Bank, Member FDIC, on etrade.com.
    Bank smarter with some of today’s best rates
    Bank CD accounts
    Bank CD accounts
     
    Plus, even more reasons to bank with us
    Award Icon
    Award-winning banking*
    Our accolades speak for themselves
     
     
    Check Icon
    Easy money management
    With E*TRADE from Morgan Stanley’s best-in-class digital experience6
     
     
     
    Lock Icon
    FDIC
    protected

    Up to applicable limits. Certain conditions must be satisfied.7
     
     
     
    Learn how to manage cash strategically
    Not sure which account is right for you? Learn how to use cash as an asset class to balance your short-tern needs with your long-term goals. Read article
     
     
    Facebook twitter Youtube
    Privacy Pledge  |  Security Center  |  FAQs
     
     
     
     
    *February 3, 2025. Buy Side from Wall Street Journal. Reprinted with permission by Dow Jones & Company, Inc.

    1. As of 2/21/2025, the Annual Percentage Yield (APY) of the Premium Savings Account offered by Morgan Stanley Private Bank, National Association is 4.00%. Your interest rate and APY may change at any time and fees may reduce earnings. Please visit etrade.com/ratesheet for information regarding this account's current interest rate and corresponding APY.

    2. Based on comparison to the National Deposits Savings Average Annual Percentage Yield (APY) as published on the FDIC Weekly National Rates and Rate Caps Weekly Update, as of January 21, 2025.

    3. Certificate of Deposit (CD) interest rates are fixed from the start of the term until their maturity date.

    CD offerings can change on a daily basis. The interest rate on the Settlement Date can be higher or lower than the interest rate that was available at the time of account opening. If your Settlement Date is within 10 calendar days of the account opening, the applied interest rate will be the highest of the prevailing interest rate on the date of account opening or the date of Settlement. Maturity is determined based on the Settlement Date and the term selected. The APY is based on no withdrawal of credited interest and no redemption prior to the stated maturity date. A withdrawal will reduce earnings. See the CD Rate Table page at etrade.com for information on term lengths, current interest rates and corresponding APYs.

    Interest is compounded daily. Interest will compound from the Settlement Date until the last full day before the date of withdrawal using the daily balance method. Accrued interest posts to your account on a quarterly basis, unless you select at account opening to receive interest via check.

    4. As of 2/21/2025, the Annual Percentage Yield (APY) of the Certificates of Deposit is up to 4.25%. Your interest rate and APY may change at any time until funding is settled, and penalties may reduce earnings. The APY is based on no withdrawal of credited interest and no redemption prior to the stated maturity date. Please visit etrade.com/ratesheet for information regarding the current interest rate, corresponding APY, and account terms.

    5. Bank CD accounts must be opened and funded to lock in a fixed rate.

    6. For the StockBrokers.com 2024 Annual Awards, all 17 U.S. equity brokers reviewed were assessed on over 200 different variables across eight areas: Commissions & Fees, Investment Options, Platforms & Tools, Research, Mobile Trading, Education, Ease of Use, and Overall. E*TRADE from Morgan Stanley was awarded the #1 Investor App, and #1 Web Trading Platform. In addition, E*TRADE received fifteen Best in Class distinctions: Overall Rating, Commissions & Fees, Research, Platforms & Tools, Investment Options, Mobile Trading Apps, Education, Bank Brokerage, Beginners, Futures Trading, IRA Accounts, Options Trading, Penny Stock Trading, High net Worth Investors, and Ease of Use. E*TRADE's star ratings for all category rankings out of 5: Overall (5.0 stars), Customer Service (4.0 stars), Commissions & Fees (4.5 stars), Research (5.0 stars), Platforms & Tools (4.5 stars), Mobile Trading Apps (5.0 stars), Investment Options (4.5 stars), Education (5.0 stars), Ease of Use (5.0 stars), Customer Service (4.0). Read the 2024 Online Broker Review.

    7. The Premium Savings Account gives Morgan Stanley Private Bank, National Association, Member FDIC the ability to send any amount held on deposit in your Premium Savings Account to other depository accounts at Federal Deposit Insurance Corporation (“FDIC”) member banks with the purpose of affording you additional FDIC insurance coverage. The Program is designed to offer up to $500,000 in FDIC coverage to individual accounts (up to $1 million for joint accounts). Certain conditions must be met. Learn more.

    Deposits held in Certificate of Deposit accounts are FDIC insured up to $250,000. Learn more.

    No minimum initial deposit is required to open a Premium Savings Account and Certificate of Deposit Account. However, account must be funded within 30 days to remain open.

    This is a promotional email from Morgan Stanley Private Bank, National Association. Click here to unsubscribe.

    Morgan Stanley Private Bank, P.O. Box 484, Jersey City, NJ 07303-0484

    Please see our Privacy Pledge for details about how Morgan Stanley handles personal information.

    Banking products and services are provided by Morgan Stanley Private Bank, National Association, Member FDIC.

    © 2025 E*TRADE from Morgan Stanley. All rights reserved. E*TRADE Copyright Policy







    Invest, spend, and earn 2.05% APY*–all through your brokerage account.
    Our goal at Robinhood is to democratize finance. This means delivering products that help you do more with your money and improve your life. Today, we're excited to introduce Cash Management, a new feature to give you more flexibility with your brokerage account.
    JOIN THE WAITLIST
    Flexible Spending
    Use your Robinhood debit card anywhere Mastercard® is accepted around the world.
     
    Earn 2.05% APY
    Your uninvested cash is moved to banks in our program that pay you 2.05% APY*. Like all variable rates, this could go up or down over time.
     
    FDIC Insurance
    Your cash in the program banks is eligible for up to $1.25 million of FDIC insurance, or up to $250,000 per bank, subject to FDIC rules.
     
    75,000+ ATMs
    Don't pay fees at any of the 75,000+ ATMs in our network.
    JOIN THE WAITLIST


    See the source image



    For the next two weeks, you can earn increasing levels of Stock-Back™ rewards when you shift your everyday spending to your Stash debit card.* 

    Every qualifying swipe over $5 gets you closer to leveling up your Stock-Back rewards. Levels start tomorrow and reset to zero on Monday, November 18.

    Follow Us

     

    Flag Counter


    Flag Counter

    Make a free website with Yola