Online adverts are both a blessing and curse. On the upside, online advertising has seen many apps that'd otherwise cost being made available for free. There is a big downside in that the number of intrusive and garish adverts has proliferated.
This was bought home at the Hong Kong e-crimes summit by Paul Waters, who is a Professor of Information Technology at Massey University. Paul talked about adverts as a vehicle for cyber-crime.
I caught up with Paul to get a handle on just how dangerous dodgy online advertising can be.
Pat Pilcher: How is online advertising a potential vector for malware, scams and other security issue?
Paul Waters: Online advertising is a vector because it's the easiest way to lure people into scams or downloading malware. They're either going to a trusted site (which could be serving malicious ads) or because they believe what they read.
For example, some ads will say "your computer is running slow, click here to update" and users actually do this! Users need to be much more skeptical ...
PP: Whats in it for cyber crims?
PW: Money! No other business can operate at margins of 1000%. Also if they operate a rogue site, or run dodgy ads, the risk of arrest is low. It's the perfect crime.
PP: Indeed. So what will a dodgy advert do if clicked?
PW: If it's a scam, then it will just take you to another site where you will get ripped off (eg, offshore gambling). If it's malware, the virus will install itself in your browser. It could capture your banking credentials, send these to a crook, who can then "cashout" your bank account!
PP: What should the average user should look out for to identify a dodgy advert?
PW: Users can install software like AdBlock to remove ads from their browser. Or they can practice "if it sounds too good to be true, it probably is!"
PP: That's good advice. Will anti-virus/malware/security and ad-blocking software help?
PW: Ad-blocking will stop ads appearing - though some people like tailored, customised ads. Anti-virus products might work but I've found that viruses spread by ads are only usually caught by 1 or 2 packages (out of around 50).
PP: Really? But not all online adverts are dodgy though, right?
PW: Not at all, and the nice thing about internet ads is that they're usually tailored to your interests. Google, Facebook etc know a lot about you!
PP: So what genre of sites tend to be most associated with dodgy online adverts?
PW: They could appear on any site, but in most cases, they're found on rogue/pirate sites where people download torrents. These sites rely on advertising to make money, cover their costs, generate profit etc
PP: How did you go about developing your research?
PW: There was a study released in Jan 2013 naming "mainstream" advertisers in the US, but it ignored the 99% of ads which are malware, scams, sex industry ads, drug ads etc. So I thought it would be interesting to look at the "dark side" because my background is in cybercrime research.
PP: I recently wrote about how the UK Government have started compiling a blacklist of file-sharing sites. They're also telling potential online advertisers not to advertise with these sites. How effective/ineffective do you feel this will be?
PW: It's a good move. Situational crime prevention theory suggests that you need a visible deterrent to protect against crime. I would like to see the police be more active online, managing and blocking threats to ordinary users.