‘Half of overlay ads on free streaming sites are malicious’
The iMinds research center affiliated with KU Leuven has conducted a study together with the American Stony Brook University into the risks of free live streaming sites. It shows that fifty percent of the overlay ads on those sites are malicious.
To carry out the research, the universities developed a semi-automatic tool with which they identified the live streaming sites. In this way, they found a total of 23,000 sites, which, among other things, offer streams of live and sporting events. The sites belonged to 5,600 domain names, twenty percent of which appear in the Alexa ranking of the Internet’s 100,000 most popular sites. However, the researchers cite no examples.
The researchers visited these domain names a total of 850,000 times, yielding a collection of more than 1TB of data. They concluded that half of all overlay ads redirect visitors to malicious sites that distribute malware. Such an overlay could, for example, consist of a fake close button that can be seen above the stream’s playback window, the researchers explain. If a visitor clicks on it, he is redirected and asked to install software. Often this malware pretends to be necessary for those who want to watch the stream.
The malicious internet pages often look like the streaming site itself in an attempt to mislead the visitor, the researchers say. In addition, it turned out that Chrome and Safari are more susceptible to these types of attacks than other browsers. Zubair Rafique, researcher at the Department of Computer Science at KU Leuven, explains this phenomenon because attackers target the most popular browsers. The investigation also found that live streaming sites contain anti-adblock scripts, which detect and attempt to disable ad blockers.
Ad blockers are generally a useful defense against malicious ads. The researchers have developed a tool to warn visitors of risky sites. It can also be used by other researchers to detect and identify live streaming sites. The researchers are not disclosing anything about the exact functioning of the tool. They are only announcing that they want to make these available to the public in the future. At the moment the tool is only available for students of KU Leuven.