Last week, Forbes came out with their list of 2015’s notable “30 Under 30”, where it featured a prominent security researcher. Eager to read about one of their own, other researchers visited the site and were instructed by Forbes to disable ad blockers in order to view the article. After doing so, readers were immediately served with malicious pop-up ads—poised to ultimately install malware on systems and steal information. This reminds us of similar attacks that involved malicious ads that redirect victims to other websites or pages that covertly installed malware onto visitors’ computers.
While it certainly is ironic that visitors got compromised after they were asked to turn off ad-blocking software, it's not a new thing. Attackers have been slipping malicious ads onto major websites over the past few years, and have potentially compromised a large number of their visitors' systems.
Every so often, users come across ads that could be distracting—or downright annoying—especially when they get in the way of the articles and videos they’re viewing. Yet these online ads could be much more than nuisances. Cybercriminals can spread malware via advertisements that can infect browsers and computers. These ads, also dubbed as “malvertising”, take advantage of flaws in the software you’re using to embed malware that could steal passwords, banking information, and personal data.
While some ads can be vexing, they are not inherently bad. Companies rely on them to maintain their presence in the market and attract new customers, while some websites are buoyed by their advertising revenue. Unfortunately, cybercriminals take advantage of ad-supported websites and advertising networks to spread malicious Flash exploits and other bits of malicious code—even going as far as paying the ad network to distribute them along with legit advertisements.
The real problem with malvertising, however, isn’t the ads themselves, but vulnerable software on users’ systems that could be compromised just by clicking on links to malicious websites. Even if all the ads are eliminated from the web, the core problem would remain. This is why it’s important for users to be aware of how these threats can wreak security problems. Here are a few tips on how to defend against malicious ads: