Background Image

MALVERTISING MAKES ITS WAY TO MAJOR SITES

Digital Citizens, Tuesday, February 10, 2015

You’ve seen the ads that appear on the top or along the side of most websites. Most sites make the majority of their profits from selling this ad space. As long as the ads are legitimate, this is standard practice on the Web today and is part of what makes it possible for people to bring fresh, innovative content to the Web without having to charge big user fees for people who want to visit their sites.

Unfortunately, these ads aren’t always on the up-and-up. The problem isn’t with online advertising in principle—it’s with how some bad actors manipulate the system to take advantage of unsuspecting victims.

Malvertising on the Rise

If you’ve visited major sites like Huffington Post, AOL, or LA Weekly in the past few months, you may have been exposed to advertising with malicious intent—aka malvertising.

According to this story, these malicious advertisements “automatically redirect victims to other websites or pages that silently attack their computer and install malware.” Rather than being confined to illicit websites, malvertising is making its way to the mainstream now as cyber criminals look for new ways to target large numbers of computers simultaneously. Here’s how it works:

  • A user clicks on what appears to be a legitimate advertisement.
  • The user is then redirected several times before ending up on a page hosting “an exploit kit, an attack tool that scans for software vulnerabilities.”
  • Once a vulnerability has been detected, the site automatically installs malware on the user’s computer.
 
A (Not So) Silent Threat
 
Malware installed via malvertising can lead to any number of issues. Sometimes, it may simply slow down a computer. In other cases, hackers can use malware to steal personal information, gain access to emails or bank account information, steal users’ identity, or hold their computers hostage.

Perhaps most disturbing is the fact that “in some cases, the user has to click on the ad to be infected with the malicious software. In other cases, simply having it appear in the browser is enough.” Even with vigilance and awareness, malvertising still poses a direct threat to users—regardless of whether you fall for the fake ads or not.

What You Can Do

Fortunately, there are a number of things you can do to protect yourself from malvertising:

  • Make sure your web browser, browser plugins, and operating systems are up-to-date.
  • Change your browser settings to “click-to-run” so Flash ads don’t play automatically, or disable Java (not JavaScript).
  • Install and keep current trusted antivirus software—“even on a Mac”—to recognize and stop malware from installing.
 
In our digital age, cyber criminals are always evolving, which means the nature of their attacks is constantly shifting. Malvertising is just the latest in a long line of underhanded tactics criminals use to exploit uninformed digital citizens. As with many digital threats, seniors and children are often the most vulnerable to malvertising, so if you’re not the only person using your computer or home network, you need to make sure your loved ones also understand the challenge and know what to watch for.
 

Check out this article for more tips to help protect yourself and your loved ones against malvertising.
 
<< Go Back
INVESTIGATIVE REPORTS
on Internet Safety DIGITAL CITIZENS BLOG
View the Latest SPREAD THE WORD
Tell Your Friends