What can be used can also be abused.
From the article:
As more advertisers and ad networks start enabling HTTPS, criminals are beginning to make their activities harder to trace by serving their malicious ads over HTTPS, encrypting their tracks, according to security experts.
“HTTPS makes it a lot harder to be able to get this 'creative ID' as it is inside an encrypted session between the victimized client and the publisher giving the advertisement content,” Klijnsma said.
That’s the reason why a recent malvertising campaign that hit eBay and the Drudge Report, among others, was able to go unnoticed for three weeks. As Segura noted in his technical analysis of the campaign, the criminals avoided detection “by encrypting traffic” using HTTPS.
What’s worse, there’s no easy solution to this. One possibility, Klijnsma argued, is to limit ads containing dynamic scripts such as JavaScript, which are the preferred method to deliver malicious code.
For more info:
http://motherboard.vice.com/en_uk/read/the-downside-of-encrypting-everything-virus-filled-ads-are-harder-to-track
No comments:
Post a Comment