Every morning, without fail, you log onto your computer and check your emails, read the news, and have a look at your social media accounts. While you do this it is likely that you’ll come across a few pop-up advertisements which you quickly close as they do little more than annoy you.
However, it’s likely that you haven’t stopped to think that these annoying ads could install a malware onto your computer without you, or the company that manages banners and advertisements, even realizing it.
Malvertising is the name that has been given to this technique that is quickly gaining popularity with cybercriminals. According to security experts, Malvertising has grown by 325% in the last year alone.
As opposed to Adware, which fills your pages with toolbars that aren’t usually malicious, cybercriminals use Malvertising to hide malicious coding in an advertisement and it isn’t even necessary for you to click on it to become infected.
How they carry out this attack is remarkably simple – the cybercriminal enters the network of the company that looks after selling advertising space online, taking advantage of the shared information between the company and its clients. The attacker then passes itself off as a different client and posts its own advertisement, albeit one that may contain a malicious coding in Javascript.
Once the user loads the page, the seemingly innocent ad will appear. Without even clicking on it, the exploit will start to carry out its job by installing a malware on the computer. You may even end up having to deal with a banking Trojan, which is designed to steal your bank details while you are entering them online.
Cybercriminals have been using Malvertising for the past few years, and in 2009, The New York Times suffered an attack by this means when a pop-up passed itself off as an antivirus scanner and infected the users’ computers.
Last September, The Huffington Post was also a victim of Malvertising. Not long after, The Daily Mail, a British tabloid, also inadvertently redirected its readers to exploit kits designed to install malware on their computers. Yahoo and Forbes have also suffered similar problems, just like the famous adult sites YouPorn and Pornhub.
As these cases show, cybercriminals are opting to carry out their attacks on popular websites that see a large number of traffic so as to infect as many computers as possible.
So, if cybercriminals are using advertisements on websites that we generally trust to be safe, what are the advertising agencies doing to stop this and what can we do to protect ourselves?
The well-known platform Doubleclick, which is run by Google, shut down 524 million malicious advertisements in 2014 alone. Its spokespeople made reference to using malware protection tools in their fight against the cyber attackers.
For their part, the websites that have been infected could create their own ads or use sponsored content to protect their readers, although at the moment it doesn’t seem a viable solution as external advertising is necessary for them to survive.
Therefore, the best way to protect yourself against these attacks is to install an ad blocker, like Adblock, update Java from the official website, keep your web browser updated, and always use an antivirus. We need to take measures to keep these cybercriminals at bay, as even a simple advertisement could be dangerous.
The post All you need to know about the worrying popularity of Malvertising appeared first on MediaCenter Panda Security.
Source: Panda