Hackers are increasingly slipping malicious software into online advertising, creating risks for the Internet economic model, security researchers said Tuesday.

A report presented at the Black Hat security conference said "malvertising" has become increasingly prevalent and difficult for users to detect.

"Malvertising victims are infected with malware in the course of their normal Internet browsing and therefore have no idea where or how they were infected," said the report presented by Cisco security researchers.

"Tracing the source is next to impossible, because the ad that delivered the malware has long since disappeared."

The Cisco researchers say the problem is especially thorny because almost any website can be infected with a "drive-by" ad and may not be detected either by the website operator or ad network.

"A malvertiser who wants to target a specific population at a certain time -- for example, soccer fans in Germany watching a World Cup match -- can turn to a legitimate ad exchange to meet their objective," the report said.

"Just like legitimate advertisers, they contact companies that are gatekeepers for the ad exchanges. They will pay up front for the advertising, perhaps $2,000 or more per ad run, and instruct the companies to tell the ad exchanges to serve the ads as quickly as possible, leaving little or no time for the ad content to be inspected."

Cisco said malvertising appeared to be used to distribute viruses which lock up a user's computer until he or she agrees to pay a fee -- a system known as "ransomware."

The report said malvertising is a potentially huge problem because it could disrupt the massive market for online advertising.

"Internet advertising, annoying as it can be for users, is important because it allows people to freely consume the vast majority of the Web," the report said.

"If that model were to change or people were to stop trusting Internet advertising altogether, the repercussions for the Internet would be monumental."

The warning came in Cisco's mid-year security report presented at the Las Vegas conference. The document also pointed to numerous vulnerabilities in corporate networks that may be exploited, including outdated software, bad code and abandoned digital properties.

rl/vlk

CISCO SYSTEMS