Malvertising is a serious threat to your online security. It comes in several forms, but at its most insidious it gives no warning when it arrives, and all you have to do to get infected is visit a website. You don’t have to click anything, you don’t have to mouse over anything, you don’t have to interact with the website in any way. All you have to do is open a webpage and a malvertising-infected ad will launch a drive-by download that can put your computer in a world of hurt.

What kind of webpage carries this nasty stuff? The New York Times, the London Stock Exchange, AOL, MSN, Yahoo!, Spotify, The Onion, the BBC, the Weather Network and the NFL have all unknowingly spread malvertising.

How does malvertising work?

Malvertising is a carrier that doesn’t threaten your computer directly. Instead, a malvertising-infected ad opens up a channel to criminal servers that launch an attack. The servers download exploit kits that analyze your system for security vulnerabilities and install malware that targets any security flaws that are found. Security vulnerabilities are most often found in browsers, browser plug-ins, and operating systems. Java and Adobe’s Flash are the usual suspects.

The malware can be spyware, a keylogger, anything that benefits cybercriminals at your expense. According to Malwarebytes, a company that sells security software, it’s estimated that 70% of recent malvertising attacks are delivering ransomware. Ransomware can range from pop-up windows that tell you to follow a link to save yourself from a virus, to code that encrypts your files or locks up your system and demands payment in return for a key that will decrypt your files or return control of your computer to you.

 

How do ads infected with malvertising get on reputable websites?

Malvertising code is often hidden in iframes. Iframes are HTML elements that allow a document (such as an ad) to appear inside another document (the main content) on a webpage. Ads on webpages appear in iframes because the ad in the iframe can be changed without affecting the rest of the page.

Malvertising gets on reputable, high-traffic websites by gaming the system that places ads on the internet. Advertisers place ads with ad networks and the networks serve the ads to individual websites. The advertisers bid in real time for ad placement. The ad networks handle the bidding process and serve the winners’ ads.

The cybercriminals that run malvertising schemes either place their own ads with ad networks or run their own networks. They run clean ads for as long as it takes to develop a reputation that is good enough to allow them to place ads on high-traffic websites. Once they have access to the high-traffic sites, they insert malvertising code in iframes that carry their ads.
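As an added illustration of the iframe mechanism described above (not part of the original article), here is a check a site operator could run to inventory which iframes on a page load a document from another host, and whether each carries the standard HTML sandbox attribute that restricts what a framed document may do. The page URL, HTML and every hostname are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page; every hostname is a placeholder, not a real ad network.
SAMPLE_PAGE_URL = "https://news.example.com/story.html"
SAMPLE_HTML = """
<html><body>
  <iframe src="/widgets/related.html"></iframe>
  <iframe id="ad-top" src="https://ads.adnetwork.example/slot?id=1"></iframe>
  <iframe id="ad-side" src="//cdn.adnetwork.example/slot?id=2"
          sandbox="allow-scripts allow-popups"></iframe>
  <iframe id="ad-foot" src="https://bidder.example.net/win" sandbox></iframe>
</body></html>
"""


class IframeCollector(HTMLParser):
    """Collects the attributes of every <iframe> start tag."""
    def __init__(self):
        super().__init__()
        self.frames = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.frames.append(dict(attrs))


def audit_iframes(page_url, html):
    """Return one record per iframe whose document is served by another host."""
    page_host = urlsplit(page_url).hostname
    collector = IframeCollector()
    collector.feed(html)
    findings = []
    for attrs in collector.frames:
        src = attrs.get("src")
        if not src:
            continue  # frames without a src are outside this check
        # Resolve relative and protocol-relative URLs against the page URL.
        host = urlsplit(urljoin(page_url, src)).hostname
        if host is None or host == page_host:
            continue  # same-host frame: the site's own content
        findings.append({"id": attrs.get("id"), "host": host,
                         "sandboxed": "sandbox" in attrs,
                         "sandbox_tokens": (attrs.get("sandbox") or "").split()})
    return findings


if __name__ == "__main__":
    for finding in audit_iframes(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print(finding)
```

A frame reported with sandboxed set to False runs with the full capabilities of an ordinary embedded document, so those are the ad slots to review first.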

What can you do about it?

Here are four steps you can take to protect yourself against malvertising.

1. Install an antivirus program that will identify and neutralize exploit kits. If your antivirus program can’t handle exploit kits, install a program like Malwarebytes’ Anti-Exploit. These programs do not keep malvertising out of your computer. Instead, they monitor browser and plug-in operation and block exploit kits that are probing for security vulnerabilities.

2. Uninstall browser plug-ins you don’t use and set the rest to click-to-play. Browser plug-ins, especially Java and Adobe’s Flash, are usually the most vulnerable elements in your system. Check which plug-ins you have installed and delete any that you do not use. Set the plug-ins you want to keep or are unsure about to click-to-play. With click-to-play enabled, you will get a message or an icon on the screen when you load a webpage that wants to load a plug-in. You can decide on a case-by-case basis whether or not you want the plug-in to run. In many cases you can do whatever you came to the website to do without running the plug-in. In some cases it can be a hassle if the website won’t give you what you want without the plug-in. It’s a small price to pay, however, when compared to the catastrophes that malware can bring. How-To Geek has an excellent guide that walks you through the process of enabling click-to-play on Chrome, Internet Explorer, Firefox, Safari and Opera.

3. Make sure your browsers, plug-ins and operating systems are kept up-to-date. Out-of-date browsers, plug-ins and operating systems almost always contain security vulnerabilities and if those vulnerabilities are there, the exploit kits will find them. The simplest way to minimize these problems is to keep your software up-to-date.

4. Install an ad blocker, but before you do it, be aware that ad blockers are controversial. On the one hand, they will stop a lot of malvertising, although they won’t eliminate all of it. On the other hand, many ad blockers block a lot more than ads and they can break a website by blocking necessary content such as the check-in screen on an airline’s website. In addition, most websites live on ad revenue and widespread adoption of ad blockers will put them out of business. Some websites (including Forbes) limit or prevent access to content if an ad blocker is detected. These sites request that users whitelist the site in their ad blocker. Sometimes, the ad blockers block the request.

Malvertising is dangerous and its use is on the increase because it can be very effective. You will continue to be exposed to malvertising-infected ads unless you completely abandon the internet. You can, however, take action to combat malvertising by following the steps outlined above.


Source: Forbes


IMAGE: HelpNetSecurity “Malvertising campaign hits MSN.com, NY Times, BBC, AOL
