GeoEdge Releases Security Report about HTML5 Susceptibility to Malware in Video Ads

Share Article

The security report details why HTML5 replacing Flash for more secure ads won’t stop malvertising

News Image
Cyber-criminals will continue to build malvertising campaigns because the payout is high and their risk low,” said Sagi Elgavi, VP of R&D. “It is our mission to protect companies and their users from the nonstop barrage of attacks, whatever the source.

GeoEdge, the premier ad security and verification company, has released their latest security report, Security Aspects of Flash, HTML5, and Video in the Ad Tech Industry. In the report, GeoEdge examines the latest malvertising attacks and explores Flash and HTML5 vulnerabilities that allow for malicious code insertion.

For the last several years, Adobe Flash has become an enemy of the online community with more than 300 vulnerabilities found in Flash Player during 2015 alone, making it the most vulnerable PC software of the year. These vulnerabilities have been, and continue to be, heavily used by cyber criminals in some of the most dangerous and prevalent malvertising attacks today. In response to the problems with Flash, the community has turned to HTML5, considered the more secure option. However, GeoEdge reports that the use of HTML5 will ultimately not prevent malvertising attacks.

Summary of findings:

  • There are many techniques for malvertising infection that don't require the use of Flash in the ad creative.
  • Even with HTML5 video ads, malicious code could be inserted into the ad itself or VAST parameters.
  • One of the key features of malware attacks is an inserted JavaScript code. JavaScript is the base language for HTML5, so malicious code can be packaged in HTLM5 without much difficulty.
  • Cyber-criminals can insert malicious code because of third-party code allowance. There is nothing to prevent an attacker from injecting a malicious URL using third-party code into the VAST or XML, or from direct injection of a malicious ad unit into the site’s self-designed video player. (Other options exist which are just as effective.)

“Cyber-criminals will continue to build malvertising campaigns because the payout is high and their risk low,” said Sagi Elgavi, VP of R&D. “It is our mission to protect companies and their users from the nonstop barrage of attacks, whatever the source, be it Flash, HTML5 or JavaScript injections.”

GeoEdge provides publishers, platforms and networks with full-scale malware protection, specializing in comprehensive video ad scanning.

About GeoEdge
GeoEdge is the premier provider of ad security and verification solutions for the online ‎and mobile advertising ecosystem. The company ensures high ad quality and verifies that sites ‎and apps offer a clean, safe, and engaging user experience. GeoEdge guards against non-‎compliance, malware (malvertising), inappropriate content, data leakage, operational, and performance ‎issues.‎

Leading publishers, ad platforms, exchanges, and networks rely on GeoEdge’s ‎automated ad verification solutions to ‎monitor and protect their ad inventory. To find out how ‎GeoEdge can enhance your quality assurance and verify your online and mobile campaigns, ‎head to ‎http://www.geoedge.com.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Eliana Vuijsje
GeoEdge
+1 855-436-3343
Email >
@GeoEdgePro
since: 09/2011
Follow >
GeoEdge

Visit website