According to Eric Davis, all complex systems have parasites, and a computer system is no different.
Davis, the director of anti-malvertising at Google, is responsible for finding ways to manage the malware parasites that can be buried in on-line advertisers’ SWF (shockwave flash) files. Most of the time, even the advertisers selling bundles of ads don’t know when a malicious ad is there, and they sell it to some of the most recognized and respected (and unsuspecting) companies.
Davis spoke on the last day of Fordham University’s second International Conference on Cyber Security (ICCS) held Aug. 2 through 5 at the Lincoln Center campus and co-sponsored by the FBI. He said that malvertisements can mimic real brand names—WeightWatchers or Suzuki, for example—or appear as other ads (i.e., “Live and Work in Canada.”) Once a user clicks on the malicious advertisement, it either installs malware or jumps to a site that installs it. Then, it can can corrupt information or crash a user’s machine, trick a user into accepting an unwanted software download, steal a user’s credit card information, or cue for a future attack on the system. The number of such ad hits is estimated at more than a million a day.
Most of the time, site owners have no idea they’ve been infected, he said.
In a “perfect world,” said Davis, computers would have been designed from the outset with tighter main frames. In lieu of that, there are lots of anti-malvertising sites to visit, and Google has a site where you can check URLs against the company’s blacklist of suspected phishing and malware sites.