Adware programs designed to render advertisements on end user systems have gone from being merely an annoyance to a major security threat for enterprises.
New research from security firm G Data Software showed that during the second half of 2014, ad injection software, or potentially unwanted programs (PUPs), accounted for more than 31 percent of all new malware signatures detected by antivirus software. The number of new strains detected by G Data quintupled from the first half of 2014, putting adware in second place behind Trojans among the most prevalent malware categories.
PUPs overtook malicious downloaders for the first time, accounting for eight of the top 10 attacks that G Data’s software averted during the second half of 2014. Unwanted advertising software represented 65 percent of the attacks in G Data’s list for the time period.
The surge in adware came amid a sharp rise in the overall number of new malware strains. Between the first half of the year and the second, the number of new malware strains detected increased by a dramatic 125 percent, from 1.8 million to just over 4 million, according to the study.
In total, G Data counted close to 6 million new malware signatures in 2014, a 77 percent increase over 2013. Statistically, a new malware signature was detected every 3.75 seconds between June and December last year.
“One trend that is set to continue and even gather speed is the bundling of legitimate software with [PUPs] from third-party providers,” the security firm warned in its report.
The sharp rise in adware contrasted with a slowdown in attacks involving the use of banking Trojans. The sophisticated security measures that are being implemented by financial institutions have apparently made it harder for threat actors to use malware strains against them.
A Familiar Concern
G Data’s findings on the adware threat echo concerns that have been aired by other technology firms in recent months. Google, for instance, released a report in May voicing its concerns over the growing security threat posed by these products. The company conducted a study in collaboration with researchers at the University of California, Santa Barbara and the University of California, Berkeley on the prevalence of adware programs on the Internet. It found that almost 5.5 percent of IP addresses connecting to its websites from around the world were infected with ad injectors that served up unwanted ads and programs that were downright malicious.
During the study, Google uncovered over 50,000 browser extensions and 30,000 programs that were being used to take control of user browsers to inject advertisements. More than 30 percent of these programs were designed to steal account credentials, hijack search queries, drop other malware tools and monitor and report on a user’s browsing behavior, Google noted.
Ad injection software is typically bundled along with free products such as games and screen savers that people often download onto their systems. Online advertising networks also play a big role in distributing these programs, often without the networks' knowledge.
Earlier this year, a cybercriminal posing as a legitimate advertiser managed to post a malicious ad with Merchanta, an online ad exchange platform with direct links to many top websites, Malwarebytes reported on its blog. The malicious advertisement was fed into Google’s DoubleClick channels, where it was quickly distributed to hundreds of thousands of Internet users around the world.
The growing number of malicious advertising tools and the ease with which they can be distributed have made adware one of the biggest threats to enterprises in 2015. In the first quarter of 2015, attackers took to malvertisements with renewed vigor, noted Trend Micro.
Many have begun using malicious advertisements to target dangerous zero-day vulnerabilities, the security firm said. Although adware and malvertisements may not be new, the ways in which they are being disguised and distributed are. Keeping pace with these malicious ads and striving to stay ahead of the curve when it comes to security will only become more important, especially among users who value data protection and secure browsing.