Forgot your password?
typodupeerror
Security The Internet News

Online Ads Are More Dangerous Than Porn, Cisco Says 110

Posted by samzenpus
from the watch-what-you-click dept.
wiredmikey writes "The popular belief is that security risks increase as the user engages in riskier and shadier behavior online, but that apparently isn't the case, Cisco found in its 2013 Annual Security report. It can be more dangerous to click on an online advertisement than an adult content site these days, according to Cisco. For example, users clicking on online ads were 182 times more likely to wind up getting infected with malware than if they'd surfed over to an adult content site, Cisco said. The highest concentration of online security targets do not target pornography, pharmaceutical, or gambling sites as much as they affect legitimate sites such as search engines, online retailers, and social media. Users are 21 times more likely to get hit with malware from online shopping sites and 27 more times likely with a search engine than if they'd gone to a counterfeit software site, according to Cisco's report (PDF). There is an overwhelming perception that people get compromised for 'going to dumb sites,' Mary Landesman, senior security researcher at Cisco, told SecurityWeek."
This discussion has been archived. No new comments can be posted.

Online Ads Are More Dangerous Than Porn, Cisco Says

Comments Filter:
  • by phaunt (1079975) * on Friday February 01, 2013 @05:36AM (#42759495)

    The summary, and the Security Week article, write that "Users are more 21 times more likely to get hit with malware from online shopping sites than if they'd gone to a counterfeit software site".

    Cisco's report says that "Online shopping sites are 21 times more likely to deliver malicious content than counterfeit software sites."

    Those statements are not equivalent. Online shopping sites have many more visitors than counterfeit software sites, so they have more opportunity to deliver malware. The same goes for the factor of 27 for search engines.

    Also, it's hard to check the factor of 182 for adult sites, since the report doesn't include that number, or in fact even the words "porn" or "adult".

    • by phaunt (1079975) * on Friday February 01, 2013 @05:40AM (#42759499)
      ...and Slashdot's title for the story that "Online Ads Are More Dangerous Than Porn" takes it still a level further. It's certainly not what Cisco said.
    • by wvmarle (1070040)

      Where Cisco's wording is really ambiguous. Deliver may mean indeed as you interpret it, the total number of successful infections, it may also mean the chance that if you visit that site, it gets you infected, which indeed would be my interpretation of the wording Cisco uses.

      And now I'd have to go read the report and look at the actual numbers and methodology they used, to figure out the actual meaning.

    • Those statements are not equivalent

      They're completely equivalent. The "than if they'd gone to a counterfeit software site" part takes care of that.

    • by Ol Olsoc (1175323)
      What is your dog in this fight?

      I'll assume that you hit the wrong link, and read something else, so here is from the article:

      It can be more dangerous to click on an online advertisement than an adult content site these days, Cisco said in its latest version of the yearly security threat report.

      An adult content website - that's probably porn.

      The highest concentration of online security targets do not target pornography, pharmaceutical, or gambling sites as much as they affect legitimate sites such as search engines.....

      Are you going to wordsmith this one> Yeah, it doesn't say "porn". It says "pornography. The section you quoted, below the sentence with pornography in the text, does speak of the counterfeit software site.

      But you know why they used the "counterfeit site metric don't you? Because of the uproar that would ensue if they used actual

  • The popular belief is that security risks increase as the user engages in riskier ... behavior online

    So security risks don't increase as I engage in risky behavior? How does that even work? If something doesn't increase risk, then it isn't risky. I can start downloading and executing everything I see without increasing security risks?

  • by Anonymous Coward on Friday February 01, 2013 @06:06AM (#42759595)

    It has been known for a long time that ads are a primary malware vector, this is the reason many sane people block them.

    • by RR (64484)

      It has been known for a long time that ads are a primary malware vector, this is the reason many sane people block them.

      That is not the primary reason why I block ads. I block ads because I can't stand all the dancing, jiggling, flashing, gray overlays, slowdowns, green links, and noises, when I want to read something. If I incidentally block all the ads, well, I don't have the time to make my own ad block list that blocks only the bad ad providers. I tried it before, and I'm not convinced that there are any benign ad services.

  • by K2tech (1685250) on Friday February 01, 2013 @06:23AM (#42759627)
    Well thats what I heard...from a friend...he doesn't have that many accounts...
  • I've noticed similar shadyness with Google ads and just about all "sponsored content" you see on websites. You see the bullshit tags like "Doctors angered at woman's self treatment" or links to sites that seem to do nothing more than try to scare you to invest. The internet is full of bullshit. Somehow, for some reason Google is one of the richest companies in the world because of it. I'd like to know, who actually clicks on this shit.
    • Re:Thanks Google (Score:5, Interesting)

      by History's Coming To (1059484) on Friday February 01, 2013 @07:16AM (#42759781) Journal
      Did you check out Google's information on government/police/court requests for info and takedowns in the UK? Around 4,000 incidents in total, and over 2,000 of them were regarding AdWords. Not Youtube, or Blogger, or G+ or Google Pages, but AdWords. Looks like they're well aware of the problems, to the point of government agencies taking regular action over it. Thing is, this is the thing that makes them an enormous amount of money...

      Full breakdowns by country here [google.com]
  • by Anonymous Coward

    Let's get rid of online ads then.

  • It is long known that ads may contain malicious parts - especially bits of javascript. It happened before that major ad servers got compromised, it will happen again. I recall reports that some ads were trying to infect an unsuspecting user directly, and such ads are displayed on sites all over the place, including personal blogs and lolcat sites.

    When clicking an ad you don't really know which site you're going to be sent to. When visiting a porn or a warez site, you normally go there intentionally. Those s

  • by Anonymous Coward

    next week cisco unveils a new enterprise-caliber ad-scrubbing internet gateway...

  • by jbmartin6 (1232050) on Friday February 01, 2013 @08:44AM (#42760183)
    This was always my response to the 'it is immoral to block ads' argument. I always said that if blah.com is hosting the ads itself I would be willing to allow them but as long as the content is from some unknown domain that I haven't chosen to trust, forget about it.
    • by deains (1726012)

      So do you block ads, or block content from unknown domains?

      • by green1 (322787)

        My ad blocking is accomplished by my DNS server, so it's not so much unknown domains as domains known to serve nothing but ads.

      • Not sure if this was your point or not, but I use Adblock. I am not that familiar with how it works, so it might be blocking some ads hosted by the same domain. In which case I would be an unwitting hypocrite. I'll probably check up on that at some point.
      • I block ads via noscript and request policy, not via adblock. So content from untrusted domains gets blocked, but not ads hosted by the site itself.
  • by erroneus (253617) on Friday February 01, 2013 @09:21AM (#42760517) Homepage

    I consider "Adblock" and similar browser and computer add-ons to be *security* tools as much as bandwidth and other management.

    Since the first time I noted browser exploits coming across common news and sales sites, I realized that the current model requires not trust of the sites we visit, but of the advertiser's sites... you know, like google and double-click and the others. I don't want to trust "unknowns" and so I block them unless I need them unblocked for access.

    • by Bieeanda (961632)
      What's worse is that ad networks will trade space between themselves. Even if a site is conscientious about the ads they show and the networks they're affiliated with, malware-laden ads can still filter through because of that promiscuity.
    • by drinkypoo (153816)

      I don't want to trust "unknowns" and so I block them unless I need them unblocked for access.

      If I have to unblock too many sites, I just don't use a site. Problem solved. Anything actually requiring doubleclick is evil and must be destroyed.

      Adblock and Noscript are necessities for security in a world in which the browser can't provide an adequate sandbox, which is the world we live in.

  • by TheRealHocusLocus (2319802) on Friday February 01, 2013 @10:00AM (#42760891)

    Actual context sensitive Google ads that I was too terrified to click on:

    "Ball lightning: Browse a huge selection now. Find exactly what you want today."

    "Ann Coulter Ringtone! Send this ringtone to your phone right now!"

    Made me toss my browser cookies it did. After you toss your cookies these things stop for awhile, then build once again to a crescendo. Lately I have been getting ads with garden gnomes leering suggestively.

    • Some years back I wrote a small essay about another potential scenario... not the generic malware threat but one targeted to certain individuals. If you have a secret to keep that is worth killing to protect, you buy some specific Google ad-words that attract the attention of independent investigators out there who might be getting close to the mark. Lure them in by presenting a false front and inviting collaboration. Then go for the kill and make it look like an accident. Hocus Locus: Information Land M [breakfornews.com]
    • Never underestimate the attraction of a suggestively leering gnome to the truely gullible!
  • Isn't this an advert for some cisco snakeoil?

  • by retroworks (652802) on Friday February 01, 2013 @01:01PM (#42762875) Homepage Journal
    Would the risks cancel each other out?
  • So. watching porn all year is just as dangerous as clicking two ads.

  • 'Users are 21 times more likely to get hit with malware from online shopping sites and 27 more times likely with a search engine than [if they weren't using Windows] ..

Ever notice that even the busiest people are never too busy to tell you just how busy they are?

Working...