01-11-17 | Blog Post
Malvertising, a portmanteau of “malicious” and “advertising” has quickly become popular with bad guys everywhere. Its first appearance was detected in 2007, and it’s been on the rise ever since. What makes this form of malware so popular?
Malvertising is more dangerous than typical malware because as an end user, you could be a victim without knowing it. According to Elad Sharf of Websense, malvertising attracts hackers because “they can easily spread across a large number of legitimate websites without directly compromising those websites.”
What is malvertising?
Malvertising targets third-party ad companies who host ads on websites, and the users who visit those sites. Why is it so dangerous? It can affect users with or without their interaction. Malicious ads can appear in two ways: The standard way, such as popups or alerts warning users of an infection in their system, which entices the victim to click to install “anti-virus” software—really just malware. The second way is when a user visits a site that happens to have malicious ads on it. They can become infected when a malicious script looks for vulnerabilities on the computer so it can download and execute a file on the system. This kind of drive-by download requires no clicking from the user.
How does malvertising attack advertisers? Website ads are bid for in real time, and whoever wins the bid gets the ad, regardless of who the buyer is. Many of these transactions are automatic, and the seller may not know the buyer. Criminals take advantage of this by bidding for ads and triggering the delivery of malicious payloads when their bids win.
Reputable websites are increasingly hit with these types of attacks, and sites such as The New York Times, Forbes (ironically after asking readers to disable their ad blocker software) and Spotify have all fallen victim to malvertising campaigns. In the case of the New York Times, criminals posted legitimate ads for a week prior to gain the trust of the paper before sending bad ads.
Mobile attacks
Malvertising has also been linked to mobile devices, specifically Android, meaning it has crossed over into the mobile world. While mobile malvertising is still relatively new, it is inevitable that it will be as big a problem as it currently is with everyone using mobile devices all the time. Link any stories of malvertising attacks on phones if possible.
What’s the link between malvertising and ransomware?
One of the most popular methods for getting ransomware installed on a victim’s computer is through malvertising. Once the ransomware is downloaded, it goes to work encrypting the victim’s files, and before they know it, they’ve been locked out without even clicking on a link.
How do you protect yourself against malvertising?
It sounds like you’re helpless to protect yourself against malvertising, but that’s not true. One of the most important steps you can take to protect yourself is to install an ad blocker to keep ads from loading onto your browser in the first place (and get a cleaner user experience to boot). Also make sure your Flash and Javascript plugins are up to date. Criminals exploit vulnerabilities in those programs more often than not, and keeping them up to date helps keep you secure. There are also browser extensions or plugins that detect malware and alert you to any threats or suspicious files. Don’t ignore anti-virus software; if you click on an ad or are the victim of a drive-by download, your AV can stop those files from executing on your computer.
Don’t take malvertising lightly, because unfortunately, it’s not likely to go away any time soon. It’s so effective because it can affect a wide swath of users without any interaction necessary. But don’t fret! You can help protect yourself against malvertising. If you install an ad blocker, keep your plugins patched and up to date, and have anti-virus software, you are taking important steps to mitigate the risk posed by these kinds of threats.