[email protected] +603-2181 3666
IT News
Malvertising
March 2, 2015
0

Malvertising (see Definition) – a pleasant sounding word, which has a nice ring to it.   Sounds fancy, too. But don’t let fancy words or names fool you. Danger lurks behind this word.Malvertising is basically adverts controlled by cybercriminals with the intent to infect people and businesses. Do these criminals only target specific ads or specific websites? Unfortunately, no. It can be any ad on any website. They could be the sites that you use as part of your everyday internet usage.

Though the technology adapted by these crooks is advanced, the method use to infect an unsuspecting victim is very simple. The danger is that the ad looks like any other.   There is no way that one can tell if the ad is safe or poses a threat.

Here is what takes place, without your knowledge.   A tiny piece of code, which is hidden deep within the advert, is causing your computer to go to servers set up by the criminals.   You have absolutely no way of knowing this. It will then capture details about your computer and its location. Once this is done, it will then decide which piece of malware to send you. To put is simply, your computer is now under the control of the criminals.

Your problem starts when the malware decide to rear its ugly head, and encrypt your data and hold you to a ransom (see Extol Advisory, 16th Feb on ransomware), steal your bank log in credentials (you may find that money is missing from your account and wonder what happened), log you email credentials, or any number of their scams that serve to make your lives miserable.

Malvertising

You may wonder how the criminals get their codes into the ads in the first place. Advertising on websites is commonly outsourced to third-parties. The advertising space is then re-sold, and software is provided which allows people to upload their own adverts.   Herein lies the weak point – cyber criminals use this opportunity to insert their malicious advert. Once loaded, the adverts are pushed live.

The thing about malvertising is that it poses a danger that you are not aware of. You don’t have to click on any links or on anything for that matter, or visit an un-trusted website.   Imagine you go to your favourite news website; you browse the headlines.   Unbeknownst to you, adverts are injecting criminal software onto your computer.   That’s right! Just by browsing the headlines, you get infected.   It can also happen while watching a video, or visiting other websites.

So, what do you do? How do you minimize the risk of such unwelcome attacks? See recommendations below.

 

Recommendation

1.  Do not ignore reminders to update your browsers, flash, Java, etc.

2.  Run an anti-exploit program.  There are free ones that can be found on the internet

3.  There are programs that block advertising and which are installed in your browser as add-ons such as Adblock Plus.

 

Definition

Malvertising – derived from the words, “malicious advertising. It is the use of online advertising to spread malware.  It involves injecting malicious or malware-laden advertisements into online advertising networks or webpages.

 

Source

Malwarebytes blog.