|
|
|
|
|
|
by rcxdude
2306 days ago
|
|
|
Even if you have a zero-day exploit for a browser, you still need to get that exploit to your victims. Ads are the easiest way to get custom media and javascript into as many browsers as possible. Ptherwise, you need to tempt users to your malicous site or find an exploit in a widely used site to get your payload to users (since most sites do not allow users to post arbitrary HTML, CSS or javascript). Ad networks are supposed to vet ads to make sure they are safe, but they're bad at it and the system is not set up to make it easy (ads are dynamically generated by whoever's buying them as the page loads). |
|
|