The exploitation of online advertising networks by malware-flingers is expected to cause up to $1bn in damages by the end of this year, but despite ongoing regulatory efforts, it is not clear to whom the liability for these enormous losses will fall.

The increasingly sophistication with which online advertisers profile users has allowed those exploiting ad networks to hit victims with extraordinary cost-effectiveness. The way that ad networks sell impressions allows threats to target their payloads to recipients' earnings profile, to browser types, and to whether in-browser anti-virus solutions are active. These factors, coupled with a low barrier to entry for new customers, allows for criminals to reap high returns on their investments.

In particular, it is real-time bidding (RTB) – enabling advertisers to purchase and sell advertising inventory through a programmatic and automated auction process – that provides criminals with their economic platform. With RTB, customers need only pay for the auctions which they win. This has obvious efficiency benefits for the advertisers, whose business provides much of the finance behind online businesses, however it also provides an opportune environment for threat actors to elbow their way in.