Malvertising: When Online Ads Attack

The cybercriminals who use malvertising (malicious advertising) as a way to victimize unsuspecting users are like good filmmakers who know how to match a score for a particular scene, like how they can bring us to the edge of our seats in a matter of seconds. Similar to how a film’s score and soundtrack is developed to match the mood, attackers can orchestrate their ads based on your online profile and preferences to lure users into clicking on malvertisements. Before you know it, they've got you. Since some users consider online ads harmless (or at the very least, simply as an annoying part of online life), and because malvertising attacks rely on a trusted destination as a lure, it's easy to see why this scheme is effective.

The scary thing about these ads is that the malware is cleverly hidden behind the scenes, but the finale usually involves tampered accounts, identity theft, and financial loss.

How does Malvertising work?

Unfortunately, users aren’t the only victims here, but advertisers as well since both online ad networks and mobile networks allow advertisers to track location, information, and other user details. As the online advertising ecosystem is increasingly being used by cybercriminals to target users via malvertising, users can encounter them every so often on online shopping sites, digital news hubs, social media platforms, and gaming portals.

Malvertising can infect a user in two ways. In the first scenario, the user has to click on the ad to get infected. The malicious ads appear as pop-ups or alert warnings. These social engineering tactics prompt users to install malware themselves by clicking on the ads. The second scenario involves drive-by download methods wherein the user becomes infected by simply loading a Web page with malicious ads on it. The ads contain a script that looks for vulnerabilities to download and execute a file on the victim’s system. This ultimately leads to the installation of info-stealing malware.

Malicious Bidding

As mentioned above, advertisers are also inadvertently victimized by malvertisements via malicious bidding. Cybercriminals resort to targeted malvertising to avoid older security controls. Essentially, cybercriminals send booby-trapped ads to ad networks for their real-time bidding process. When the ad wins the bid, it propagates in real-time through several publishers and trigger the malicious payload.

Staying alert and preventing malvertising

Malvertising has become a tough security issue to solve, and staving them off will require the concerted defense of ad networks, Web admins, business, and consumer audiences. However, being aware of how these threats work can help mitigate likely attacks. First, it is important to use security software such as smart sandboxes to help find and detect malicious behavior. It’s also critical to keep your Web browsers and plugins such as Adobe Flash or Java up-to-date to alleviate risks. Additionally, products that use file and web reputation detection can also block the redirection chain and detect payloads.

Secondly, enabling an ad-blocking browser plugin is also an effective way to lessen the risks. However, ad and script blockers will also kill legitimate ads and may prevent the Websites you visit from earning revenue. Finally, set your browsers to flag malicious content. You can find an option in Google Chrome under Privacy Settings “Enable Phishing and Malware Protection”. Avoiding pop-up ads and staying away from random messages and unverified links are also a good way to lessen the risks posed by this type of threat.  


Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.