Attackers abuse security feature to deliver malicious content via video ads

A newly discovered redirected advertising attack methodology has been abusing sandboxed iFrames to go undetected by solutions that employ blacklisting to block malicious ads, the research team at GeoEdge has found.


Described by GeoEdge as a malicious ad vulnerability, it also exploits the Video Player Ad-serving Interface Definition (VPAID) format that is increasingly popular thanks to the interactivity it brings to advertising. VPAID itself also brings geo-targeting, video click-throughs and improved ad-tracking metrics. The main problem associated with the VPAID format has always been one of latency, but malvertising must now also be considered moving forward.


While malware within video is a very unusual attack methodology, GeoEdge researchers have been seeing an increase over the last year. GeoEdge warns that attackers are encoding the tag for redirecting adverts inside a sandboxed cross-origin iFrame, which makes it all but impossible to find the malicious ad in order to blacklist it.

The problem is that sandboxed iFrames provide a dedicated space for the ad network to insert these encoded ad codes within the inline frame on the publisher’s page. This is a good thing in that it allows an iFrame to present adverts using JavaScript without exposing user data. It's a bad thing, GeoEdge says, because the iFrame also enables malvertisers to serve those malicious auto-redirect ads encoded within.


GeoEdge researchers decoded the specific tag to uncover the malicious auto-redirect ads, and warn that as programmatic advertising involves multiple players, this task becomes onerous as each tag has to be decoded as it passes through the programmatic chain. 


"We see growing sophistication among malvertisers who currently use more advanced forms of programmatic ads and are trying out platforms that they ..
