Ecommerce sites infecting unsuspecting customers

A huge 15% to 30% of online shoppers worldwide have been infected by malware from otherwise legitimate ecommerce sites, with the issue being particularly marked in the travel and luxury goods world.

The problem, of which most chief marketing officers and heads of ecommerce are apparently unaware, relates to a relatively unknown kind of malware called Client-Side Injected Malware (CISM), which has grown rapidly in prevalence over the last two years - and particularly over the last six months when attacks have increased by 20%.

CISM comprises widgets in the shape of product recommendations and deals, adverts and spyware scripts that are injected maliciously into ecommerce sites and generally look like legitimate overlaid advertisements – only they lead consumers away from the website to make their purchase elsewhere. Shoppers typically download such malware without realising it either through bundled apps or malicious browser extensions.

Injected ads are the most common manifestation of CISM and, according to new research by online security firm Namogoo, were estimated to make up a $7 billion market in 2014.

The company claimed that perpetrators range from “lone developers in emerging markets to large public companies operating in the grey area of the law, while siphoning off millions in ecommerce traffic and revenue from unsuspecting brands”.

The most vulnerable were travel and luxury goods websites as consumers in those areas were found not only to be more likely to click on an injected ad, but also tended to make larger purchases.

Ohad Greenshpan, Namogoo’s co-founder and chief operating officer, said: “Even in the industry, where Google recently claimed that roughly 5.5% of people visiting Google sites were seeing injected ads, the numbers we see are significantly different. We’ve found it to be much, much higher. About 15% to 30% of all internet users, or the equivalent of 900 million people worldwide, are actually infected.”

He added that the firm had already identified more than 25,000 ad injector signatures, with an average of 200 new ones appearing daily.

As a result, to try and combat the threat, the start-up has developed new technology that scans millions of webpages and creates malware injection blocking rule sets in real-time. These rule sets are provided to ecommerce customers as a single line of code that effectively stops CISM from working.