Real-Time Bidding Gone Bad Thanks to Ransomware Threat

Over the last couple of years, real-time bidding (RTB) has become quite popular around the Internet. It is a form of programmatic marketing that relies on software and algorithms. Researchers recently warned digital marketers that malware attackers are starting to take advantage of RTB campaigns to deliver ransomware to users.

Real-Time Bidding and Digital Marketing

In short, an advertiser who uses RTB can buy impressions on a website in advance, bypassing unnecessary paperwork. RTB was first introduced about ten years ago, when advertisers bid on the search terms users entered and search engine companies displayed relevant ads next to the search results.

How Does an RTB Campaign Happen?

First, a group of buyers places bids in advance for a certain number of ad impressions on specific websites. The bids are tied to certain demographic characteristics. When a user's page view requests an ad, the Ad Exchange awards the impression to the highest bidder whose targeting matches the user's demographic profile. Finally, the ad belonging to the auction winner is displayed. Naturally, the whole procedure happens in real time.

What Might Go Wrong?

The ad servers that RTB depends on may be either legitimate or rogue. Rogue servers are controlled by attackers. When an ad server is compromised, the ads served to users may be malicious. If someone clicks on an ad that has 'gone bad', all their information is sent back to the Ad Exchange, including geolocation, operating system, and browser specifications.

SWF files (SWF stands for Small Web Format, an Adobe Flash Player file format) and additional scripts are loaded on the returned page. The catch is that one of these SWFs is meant to exploit an Adobe Flash vulnerability (CVE-2014-0569) that was patched last October.

In the worst possible case, CryptoWall or one of its malicious cousins ends up on the user's computer.
Fortunately, not every payload is malicious, since some of them deliver only harmless files.
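
The auction described under "How Does an RTB Campaign Happen?" and the rogue ad server risk described above can be shown together. This is an added example, not code from the original article or from any real ad exchange: it runs the highest-matching-bid auction and adds a vetting step before a winner is chosen. The host names, the `Bid` fields, the allowlist of vetted ad servers, and the refusal of Flash creatives are all assumptions chosen to illustrate one possible exchange-side check.

```python
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample data: host names, buyers and prices are invented.
VETTED_AD_SERVERS = {"ads.vetted-network.example", "cdn.brand-ads.example"}

@dataclass
class Bid:
    buyer: str
    price_cpm: float    # bid per thousand impressions
    target: dict        # demographic attributes the buyer asked for
    creative_url: str   # ad server location the creative is loaded from

def matches(bid, user):
    """A bid matches when every targeted attribute equals the user's value."""
    return all(user.get(k) == v for k, v in bid.target.items())

def vet(bid):
    """Return a rejection reason, or None if the creative passes vetting."""
    url = urlparse(bid.creative_url)
    if url.hostname not in VETTED_AD_SERVERS:
        return "ad server not on vetted list"
    if url.path.lower().endswith(".swf"):
        return "Flash creative refused"
    return None

def run_auction(bids, user):
    """Pick the highest matching bid that passes vetting; keep the rejects."""
    eligible, rejected = [], []
    for bid in (b for b in bids if matches(b, user)):
        reason = vet(bid)
        if reason:
            rejected.append((bid.buyer, reason))
        else:
            eligible.append(bid)
    winner = max(eligible, key=lambda b: b.price_cpm, default=None)
    return winner, rejected

USER = {"country": "US", "os": "Windows"}
BIDS = [
    Bid("rogue-buyer", 9.50, {"os": "Windows"}, "https://ads.unknown-host.example/banner.html"),
    Bid("flash-buyer", 7.00, {"country": "US"}, "https://cdn.brand-ads.example/promo.swf"),
    Bid("brand-a", 4.20, {"country": "US"}, "https://ads.vetted-network.example/a.html"),
    Bid("brand-b", 5.00, {"country": "DE"}, "https://cdn.brand-ads.example/b.html"),
]

if __name__ == "__main__":
    print(run_auction(BIDS, USER))
```

Without the vetting step the highest matching bid, `rogue-buyer`, would win the impression; with it, the impression goes to `brand-a` and the two rejected bids are returned for review.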