Knowing your enemy: Understanding and detecting malicious Web advertising

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2012, Pages 674-686

  Li, Zhou ^a   Zhang, Kehuan ^a,c   Xie, Yinglian ^b   Yu, Fang ^b   Wang, Xiao Feng ^a  

^a INDIANA UNIVERSITY   (United States)

^b MSR Silicon Valley ^*  (United States)

^c CHINESE UNIVERSITY OF HONG KONG   (Hong Kong)

Author keywords

Malvertising; Online advertising; Statistical learning

Indexed keywords

CLICK FRAUD; DELIVERY PROCESS; DETECTION RULES; DETECTION SYSTEM; FALSE DETECTIONS; MALVERTISING; MALWARES; MICROSOFT; ONLINE ADVERTISEMENTS; ONLINE ADVERTISING; PROMINENT FEATURES; RELATED CONTENT; STATISTICAL LEARNING; WEB ADVERTISING;

CRIME; MARKETING; SECURITY OF DATA;

COMPUTER CRIME;

EID: 84869390927     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2382196.2382267     Document Type: Conference Paper

References (37)

1. Adblock plus. http://adblockplus.org/en/.
2. Display network google ads. http://www.google.com/ads/displaynetwork/.
3. Wordpress, blog tool, publishing platform, and cms. http://wordpress.org/ .
4. Adobe. Adobe flash platform. http://www.adobe.com/flashplatform, 2011.
5. P. F. Brown, P. V. deSouza, R. L. Mercer, V. J. D. Pietra, and J. C. Lai. Class-based n-gram models of natural language. Computational Linguistics, 18:467-479, 1992.
6. S. K. Cha, I. Moraru, J. Jang, J. Truelove, D. Brumley, and D. G. Andersen. SplitScreen: enabling efficient, distributed malware detection. In Proceedings of the 7th USENIX conference on Networked systems design and implementation, NSDI'10, page 25, Berkeley, CA, USA, 2010. USENIX Association.
7. M. Cova, C. Kruegel, and G. Vigna. Detection and analysis of drive-by-download attacks and malicious javascript code. In Proceedings of the 19th international conference on World wide web, WWW '10, pages 281-290, New York, NY, USA, 2010. ACM.
8. D. Crockford. Adsafe. http://www.adsafe.org.
9. B. Edelman. Benjamin edelman - publications. http://www.benedelman.org/ publications/, July 2012.
10. M. Finifter, J. Weinberger, and A. Barth. Preventing capability leaks in secure javascript subsets. In NDSS. The Internet Society, 2010.
11. D. Fisher. Google removes .co.cc subdomains over phishing, spam concerns. http://threatpost.com/en-us/blogs/google-removes-cocc-subdomainsover-phishing- spam-concerns-070611, 2011.
12. S. Ford, M. Cova, C. Kruegel, and G. Vigna. Analyzing and detecting malicious flash advertisements. Computer Security Applications Conference, Annual, 0:363-372, 2009.
13. M. Gandhi, M. Jakobsson, and J. Ratkiewicz. Badvertisements: Stealthy click-fraud with unwitting accessories. Journal of Digital Forensics Practice, 1(2), 2006.
14. Google. What is an ad tag? - doubleclick for publishers help. http://support.google.com/dfp-premium/bin/answer.py?hl=en&answer=1131465.
15. S. Hao, N. A. Syed, N. Feamster, A. G. Gray, and S. Krasser. Detecting spammers with snare: spatio-temporal network-level automatic reputation engine. In Proceedings of the 18th conference on USENIX security symposium, SSYM'09, pages 101-118, Berkeley, CA, USA, 2009. USENIX Association.
16. J. P. John, F. Yu, Y. Xie, A. Krishnamurthy, and M. Abadi. deseo: combating search-result poisoning. In Proceedings of the 20th USENIX conference on Security, SEC'11, pages 20-20, Berkeley, CA, USA, 2011. USENIX Association.
17. C. Larsen. Busting a big malvertising / fake-av attack. http://www.bluecoat.com/security/security-archive/2011-07-25/ busting-bigmalvertising-fake-av-attack-0, July 2011.
18. K. Levchenko, N. Chachra, B. Enright, M. Felegyhazi, C. Grier, T. Halvorson, C. Kanich, C. Kreibich, H. Liu, D. McCoy, A. Pitsillidis, N. Weaver, V. Paxson, G. M. Voelker, and S. Savage. Click Trajectories: End-to-End Analysis of the Spam Value Chain. In Proceedings of 32nd annual Symposium on Security and Privacy. IEEE, May 2011.
19. M. T. Louw, K. T. Ganesh, and V. N. Venkatakrishnan. Adjail: practical enforcement of confidentiality and integrity policies on web advertisements. In Proceedings of the 19th USENIX conference on Security, USENIX Security'10, pages 24-24, Berkeley, CA, USA, 2010. USENIX Association.
20. L. Lu, R. Perdisci, and W. Lee. Surf: detecting and measuring search poisoning. In Proceedings of the 18th ACM conference on Computer and communications security, CCS '11, pages 467-476, New York, NY, USA, 2011. ACM.
21. L. Lu, V. Yegneswaran, P. Porras, and W. Lee. Blade: an attack-agnostic approach for preventing drive-by malware infections. In Proceedings of the 17th ACM conference on Computer and communications security, CCS '10, pages 440-450, New York, NY, USA, 2010. ACM.
22. McAfee. Mcafee web gateway. http://www.mcafee.com/us/products/webgateway. aspx#vtab-Benefits, 2011.
23. B. Miller, P. Pearce, C. Grier, C. Kreibich, and V. Paxson. What's clicking what? techniques and innovations of today's clickbots. In Proceedings of the 8th international conference on Detection of intrusions and malware, and vulnerability assessment, DIMVA'11, pages 164-183, Berlin, Heidelberg, 2011. Springer-Verlag.
24. F. Nentwich, N. Jovanovic, E. Kirda, C. Kruegel, and G. Vigna. Cross-site scripting prevention with dynamic data tainting and static analysis. In In Proceeding of the Network and Distributed System Security Symposium (NDSS'07), 2007.
25. A. NS. Blackhole exploit kit 1.0.2. http://www.airdemon.net/blackhole. html, 2011.
26. R. Petnel. The official easylist web site. http://easylist.adblockplus. org/en/.
27. N. Provos, P. Mavrommatis, M. A. Rajab, and F. Monrose. All your iframes point to us. In Proceedings of the 17th conference on Security symposium, pages 1-15, Berkeley, CA, USA, 2008. USENIX Association.
28. B. Stone-Gross, R. Stevens, R. Kemmerer, C. Kruegel, G. Vigna, and A. Zarras. Understanding fraudulent activities in online ad exchanges. In Proceedings of Internet Measurement Conference, IMC '11, 2011.
29. Sucuri. Mass infection of wordpress sites due to timthumb. http://blog.sucuri.net/2011/08/massinfection-of-wordpress-sites- counterwordpress-com.html, 2011.
30. K. Thomas, C. Grier, J. Ma, V. Paxson, and D. Song. Design and evaluation of a real-time url spam filtering service. In Proceedings of the 2011 IEEE Symposium on Security and Privacy, SP '11, pages 447-462, Washington, DC, USA, 2011. IEEE Computer Society.
31. TrendLabs. Follow the money trail. http://blog.trendmicro.com/follow- themoney-trail/, March 2012.
32. A. VANCE. Times web ads show security breach. http://www.nytimes.com/ 2009/09/15/technology/internet/15adco.html, 2009.
33. Y. Wang, D. Burgener, A. Kuzmanovic, and M.-F. Gabriel. Understanding the network and user-targeting properties of web advertising networks. In ICDCS, pages 613-622, 2011.
34. Whois.net. Whois lookup - domain names search, registration, & availability. http://www.whois.net/, 2011.
35. Y. Xie, F. Yu, K. Achan, R. Panigrahy, G. Hulten, and I. Osipkov. Spamming botnets: signatures and characteristics. In Proceedings of the ACM SIGCOMM 2008 conference on Data communication, SIGCOMM '08, pages 171-182, New York, NY, USA, 2008. ACM.
36. ZenithOptimedia. Global ad expenditure to return to pre-recession peak level this year. http://www.zenithoptimedia.com/files/media/image/news/ Press%20Release%20files/2011/July/Adspend%20forecasts%20July%202011.pdf, 2011.
37. J. Zhang, C. Seifert, J. W. Stokes, and W. Lee. Arrow: Generating signatures to detect drive-by downloads. In Proceedings of the 20th international conference on World wide web, WWW '11, pages 187-196, New York, NY, USA, 2011. ACM.