As a part of the Privacy and Democracy Project, we use some technical terminology to describe particular phenomena. This page contains definitions for objects like attack vectors so that readers can better understand the content of the articles that catalog the findings of the study. 

*Update, May 10, 2021*: In light of a more comprehensive naming pattern, the categories of malware that we describe in this project will go by revised names from here forward. Where applicable, readers can understand how the new naming pattern maps onto the old pattern by consulting the parenthetical entries next to each category name.

1.)   Malicious Redirect (previously known as Heuristics): “This content has been seen consistently, and overwhelmingly, redirecting to malicious content. This malicious content encompasses all aspects of malware and is not limited to any specific type.” 

2.) Suspicious (also previously known as Heuristics): “This content matches previous patterns and characteristics of known malicious actors. This flag is specifically placed to discover and locate previous heuristics on new and modified versions of existing threats.”

3.)   Software Install Prompt (previously known as Browser Add-Ons and Plug-ins (PUP) and Fake Software Download Prompts): “This content leads to malicious and unwanted activity in the form of fake software updates which will then install malicious programs such as toolbars, adware, or other forms of malware onto the user’s computer.”

4.)   Scams (includes COVID-19 Scams and other scam-based attacks): “This content is believed to be scam related content around enticing users to enter in personal information for retargeting and reselling purposes and/or to the selling of products which deliver false claims.”

5.)   Phishing: “This domain has been seen to auto-redirect to popups and phishing attempts in the form of fake surveys and may also result in re-directions to other malicious content. This invasive content forces the user to a new page and produces content that cannot easily be closed, if at all. These fake surveys are a scamming method used to entice people into clicking a fraudulent link.”

6.)   Impression/Click Fraud: “The delivery method for this campaign will piggyback extra content. This extra content gets delivered when the creative is delivered and is acting in a fraudulent manner that includes, but is not limited to, cookie stuffing and impression fraud.  This content will execute additional domains which have the potential to load malicious code.”

7.)   Compromised Content: “The content delivered has been compromised because it is directly involved in delivering malicious activity including but not limited to, malicious redirections, popups, fake software updates, and exploit kits. A malicious actor has altered or injected malicious code leading to the malicious behavior. The content is considered malicious and will be flagged until the malicious code has been removed.”

8.)   Cloaking: “A delivery technique used to hide its true intentions. The ad server delivers a known malicious threat when the correct geo, browser and/or device are met. If the correct user is not met the ad delivery will remain clean with no malicious delivery taking place. When correct conditions are met the user is typically redirected to fake websites and fake advertisements enticing people to click into them for the payload to be delivered (click-bait). A major payload method is fake celebrity endorsements delivering BitCoin content.”