How Adblock Plus could work as malware protection

19.08.2015
Last week I discussed one of the pros of ad blockers – how they could significantly reduce the amount of network traffic consumed by pesky advertising, especially auto-playing videos.

As I said then and will repeat now, it's a double-edged sword. On the one hand, I don't blame users of ad blockers, now numbering close to 200 million worldwide. Ads are obnoxious. They aren't content to just be there; they have to grab you, oftentimes rudely.

At the same time, Network World and every other tech news site live and die by ads, so I and everyone else published here (plus those folks behind the scenes) need you to see and click on those ads.

Well, one side of the blade just got a little sharper, and it's not mine, regrettably. Ad blockers, as it turns out, can also act as malware protection.

Malwarebytes Labs recently uncovered a large malvertising attack on the Yahoo! advertising network that started on July 28. Malwarebytes estimates that up to 6.9 billion readers could have been affected, making it one of the largest malvertising attacks Malwarebytes Labs has seen recently. 

Malvertising is defined as crafted advertisements that intentionally infect the computers of anyone who visits the site. A tiny piece of code hidden deep in the ad will reroute your computer to criminal servers without your knowledge. Those servers then determine how exposed your computer is and decide which piece of malware to send you.

In the case of the Yahoo ad, victims are infected with ransomware via the Angler Exploit Kit, but it’s possible that anything from banking Trojans to additional advertising fraud is also being used in this attack.

Malwarebytes said that the infection included Yahoo's main site, as well as subgroups like News, Finance, Sports, Celebrity, and Games. The ads route users to a site on Microsoft Azure, which eventually leads to the Angler Exploit Kit.

But, according to a friend at Malwarebytes, when you are running Adblock Plus or any other ad blocker, the ad never plays, so no payload is delivered and the malware never gets to touch your PC. Without the blocker, the ad still loads and is saved in your browser cache even if you don't click on it, so it does get onto your PC.

Granted, there are other ways to get infected even with an ad blocker running, like links in spam mail or dubious links on questionable Web sites. Anyone who has visited 4chan knows that.

To my knowledge, no one has tested ad blockers for malware. I would imagine that would be tricky. But perhaps they should.

(www.networkworld.com)

Andy Patrizio