Reports & Whitepapers

In this research, we explore the vulnerabilities that allow for malicious code insertion:

  • There are many techniques for malvertising infection that don't require the use of Flash in the ad creative.
  • Even with HTML5 video ads, malicious code could be inserted into the ad itself or VAST parameters. 
  • One of the key features of malware attacks is an inserted JavaScript code. JavaScript is the base language for HTML5, so malicious code can be packaged in HTLM5 without much difficulty. 
  • There is nothing to prevent an attacker from injecting a malicious URL using third-party code into the VAST or XML, or from direct injection of a malicious ad unit into the site’s self-designed video player.
download now

In this research, we explore the vulnerabilities that allow for malicious code insertion:

  • One of the newest techniques being used is fingerprinting, which can check potential victims’ computers with snippets of code injected directly into the ad banner.
  • The code can quickly rule out non-viable targets by detecting computer anti-virus programs and more.
  • Hundreds of goo.gl URLs are used in malicious redirections and there are booby-trapped GIF images hiding code with on-the-fly encoding.
  • Most malvertising is targeted towards genuine residential IP addresses only.
download now

This eBook will help you make sense of malvertising and determine what threats publishers are facing:

  • Malware is a global scourge that costs businesses an estimated $114 billion annually. Publishers are especially at risk.
  • Among the most common forms of malware is adware - unwanted software that’s automatically displayed or downloaded via advertising material.
  • Deep dive into two malvertising attacks on publishers, and learn how they were carried out.
  • Review the best practices for publishers to defend their sites against malware, and how to handle a breach.
download now