
Although it’s difficult to say just how prevalent malvertising is, it’s clear that it’s a growing threat.

Invincea, an endpoint security firm, blocked 2.1 million malicious advertisements in the first six months of 2015. RiskIQ stated that the number of bad ads counted in that period was an increase of 260% from the previous year. We may not know just how big it is, but it’s big.

And it’s doing a lot of damage. In June of 2015, Invincea estimated that malvertising could do a billion dollars in damage by the end of the year. And with the very low entry cost to the field, there’s reason to believe that the prevalence of malvertising will only increase in the coming years.


With all of that in mind, this guide will help you understand what malvertising is, why it’s so popular, where it’s hiding, and what you can do about it.

What Is Malvertising?

“Malvertising” is a portmanteau of “malicious advertising.” In short, malvertising is the practice of using online ads to infect computers with various types of malware.


Interestingly, the infection doesn’t always require a click on the advertisement – just seeing the malicious ad can infect your computer without any indication that anything has gone wrong (unless you have an anti-exploit solution, as shown in the video below).

This is accomplished by the insertion of special scripts within an ad that run as soon as the ad is shown to a user; this is known as a “pre-click” infection. “Post-click” infection is also possible, and ads that redirect the user to an infected site that downloads malicious files to their computer remain an effective way of delivering malware.

What kind of payload do these malvertisements carry? It can be anything from adware to a piece of code that attempts to change the settings on your home router. Exploit kits are common payloads in malvertisements, and will open up your computer to any other type of malware that a cybercriminal wants on your hard drive. Ransomware, botnets, and banking/financial information theft programs are also often delivered. You may remember Kyle and Stan, one of the payloads delivered in 2014.

Why Is Malvertising Getting So Popular?

The huge increase in the incidents of malvertising is easily explainable: it works, and it works really well.

One of the reasons that it works so well is that it can effectively infiltrate highly trusted websites. Third-party ad networks sell ads to big sites like eBay, The Weather Channel, Rotten Tomatoes, and MakeUseOf, and those websites display the ads. If a malvertiser can figure out a way to get a malicious ad accepted by an ad network, it could be distributed to a huge number of websites before it’s caught.


Many of the transactions between advertisers and ad networks are done programmatically, with humans only peripherally involved, increasing the chance that a malvertiser can slip a malicious ad by the security systems of the ad networks. Websites often don’t even know what ads will be shown on their sites, removing one more level of potential detection – they leave it up to the ad networks, who are in charge of the security of the ads.

Even highly trusted ad networks, like Google’s DoubleClick, have distributed malicious ads. One method that malvertisers use to get their ads into these trusted networks is by buying ad space for benign ads first; once they’ve established a reputation as a legitimate advertiser, they’ll start adding malware-laden ads. Because they’re under less scrutiny than new advertisers, they have the chance to slip these malvertisements by the network for a while before they get caught.

A newer method of getting malvertisements published is just-in-time malware assembly, which includes innocent-looking components of code in the ads that are downloaded separately to a victim’s computer before being assembled and compiled into the malware payload. This payload can then run or download additional components to complete the assembly. This is especially difficult to detect.


Adware can also be installed via malicious browser add-ons and extensions, which many users aren’t careful about. This adware can trigger further infections through the use of malvertisements delivered directly to the user’s browser.

Where Do Malvertisements Hide?

Unfortunately, you can find malvertising absolutely anywhere. Of course, shady streaming and torrent websites are dangerous, but because of how third-party ad networks operate, infected ads can be spread to a wide variety of otherwise very trustworthy sites at high speed. While there are sites that are more likely than others to infect you with malware, you can be hit at any time with one of these ads.

And because many pieces of malware can be delivered without a user clicking on an ad, malvertising is a very stealthy medium. However, RiskIQ’s research showed that in 2015, the most common form of malvertising was through fake software updates, especially for Adobe’s Flash plugin. They can also be spread through fake virus and malware warnings, though the prevalence of that particular method has decreased. (The alert below looks legit, but be sure to hit the link in the previous sentence to make sure you know how to spot a fake one.)

[Image: flash-update]

This is why it’s difficult to protect yourself from malvertising – it strikes fast and can come from just about anywhere.

How to Protect Yourself

The steps for protecting yourself from malvertising are very similar to the ones you need to take to protect yourself from any other type of malware.

Disable Flash and Silverlight

Adobe’s Flash and Microsoft’s Silverlight are often targeted by cybercriminals for exploitation because of their well-known security vulnerabilities. If you’re running either of these plugins in your browser, you should disable them right away, or at least turn on click-to-play so that you’re prompted to approve the use of the plugin before it starts.


And then, of course, you should only approve the use of Flash or Silverlight if you’re confident that the site you’re on is clean and that the plugin isn’t being requested for an ad (if you’re using Amazon Prime on Safari, for example, you’ll need to use Silverlight to stream videos). Flash and Silverlight aren’t the only insecure plugins, though, so be sure to read up on which ones you should disable or restrict.

Block Ads and Scripts

It’s a controversial practice, but right now it’s the best way to protect yourself from malvertising. If an ad is blocked, it can’t infect you with a malware payload (at least as far as we know). Blocking scripts will help, too, as they’re often the tool embedded in the malvertisement that delivers the payload.

Unfortunately, even whitelisting trusted domains might not be a good idea because of how third-party ad networks work. There have been reports of malvertisement infections on the LA Times, Yahoo, Comcast, Answers.com, and many other big-name sites. You just never know where it’s going to pop up next.
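To see why whitelisting a trusted site still lets ad-network content through, the following added example (not part of the original article) lists which hosts a page pulls scripts, frames and plugin content from, split into first-party and third-party. The page, its hostnames and the two-label "site" rule are constructed assumptions for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags (and the attribute) that make the browser fetch active remote content.
ACTIVE_TAGS = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}


def site_of(host):
    """Crude site key: last two DNS labels (assumption; real tools use the Public Suffix List)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


class ActiveContentAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_site = site_of(urlsplit(page_url).hostname or "")
        self.first_party, self.third_party = {}, {}  # host -> set of tag names

    def handle_starttag(self, tag, attrs):
        attr = ACTIVE_TAGS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if not value:
            return  # not an active tag, or inline content with no remote fetch
        host = urlsplit(urljoin(self.page_url, value)).hostname
        if host is None:
            return  # data:, javascript: and similar URLs carry no host
        bucket = self.first_party if site_of(host) == self.page_site else self.third_party
        bucket.setdefault(host, set()).add(tag)


def audit(page_url, html):
    """Return (first_party, third_party) dicts of host -> tags that load from it."""
    parser = ActiveContentAudit(page_url)
    parser.feed(html)
    return parser.first_party, parser.third_party


# Constructed sample page; every hostname is a placeholder.
SAMPLE_URL = "https://news.example.com/story"
SAMPLE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.com/lib.js"></script>
<script src="//ads.adnetwork.example/tag.js"></script>
</head><body>
<iframe src="https://serve.adnetwork.example/slot?id=1"></iframe>
<embed src="https://media.thirdparty.example/banner.swf">
<script>var inline = 1;</script>
</body></html>"""
```

Calling audit(SAMPLE_URL, SAMPLE_HTML) shows three third-party hosts delivering a script, a frame and plugin content on a page whose own domain a user might have whitelisted.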

Use Antivirus Software

At this point, if you’re not using antivirus software, you’re pretty much asking to get infected. There are tons of great antivirus options out there (here’s our latest article on great antivirus options for Mac), and they’re all working to protect you from malvertising and other malware vectors.

Install the software, make sure it’s always running, and keep it updated. It’s that simple. If you want something specifically for keeping yourself safe from exploits, check out MalwareBytes’ Anti-Exploit software.

The Next Wave of Malware

Malvertising isn’t exactly new, but its popularity is growing extremely fast, so we’re likely to see a lot more of it in the coming years. And no matter how you feel about ad blocking, it’s currently the best way to stay safe. With the ingenuity of cybercriminals out there, though, that may not remain effective for long.

Are you worried about malvertising? Has it made you start using ad or script blockers? Have you had any direct experiences with malvertisements? Share your thoughts below!

Image Credits: Blood zombie hands by iJeab via Shutterstock, fotogestoeber via Shutterstock.com, Invincea 1H 2015 Advanced Endpoint Threat Report, Matthew Oliphant via flickr.

  1. likefun butnot
    February 16, 2016 at 3:40 pm

    Ad Blocking isn't as simple as installing Adblock Plus. You need to have a good working set of blocking subscriptions. One of the easier ways to find subscription lists is from a Google search for "abp subs" (these work in other blockers such as ublock origin and ablock latitude as well). I suggest Easylist, Fanboy's Annoyances, Malware Domains, Spam404 and Adware Filters. It's a personal choice whether to add "Adblock Warning Removal" or Adblock Plus's own "Allow Non-intrusive Advertising", but I do those as well.

    Ad blocking needs to be configured for all available web browsers on a system, even if you have no plans to use them. It's definitely possible for something to attack a browser you never use.

    Web browsers that do not support ad blocking (looking at you, Edge and Chrome on Android), should not be considered acceptable.

    You may also wish to use an Ad-blocking hosts file for your computer or rooted mobile devices. This is a blunt instrument compared to more granular blocking from a browser addon, but it also works regardless of the internet-enabled software being used and helps for systems that have a certain amount of advertising baked in (Android).

    Finally, having some degree of fine control over script execution above and beyond simple ad blocking is incredibly helpful from a security standpoint. I'm a big fan of proper NoScript, which runs wonderfully on Mozilla-derived browsers like Firefox, Seamonkey, Waterfox and Palemoon, but it's less functional on non-Mozilla platforms. An alternative option, particularly for less technical users, is uMatrix, which does exist and work on Chrome and Opera as well as Mozilla-type browsers.

    • Dann Albright
      February 18, 2016 at 12:45 am

      Thanks for all of this great advice—it makes sense that having the right subs for ad blockers would boost the efficacy of the software, though I haven't looked for any research that indicates that. And yes, being able to specify the types of scripts and plugins that your browser runs will definitely be a big help, especially with JavaScript and Flash being so prone to exploitation.

    • Roger Deep
      March 19, 2016 at 11:46 am

      You can use http://magichosts.pt/ to have 3 sources and firewall rules to block most of the known ads companies and malware related stuff.
      Install and download those source files that will create a super HOSTS file, plus lots of IPs on the firewall that block ransomware and other bad IPs. Simple and free, but you do need to update it manually at least once a week.
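The comments above describe building a hosts file from several downloaded lists. The following is an added example, not code from the commenters or from any tool they mention: it merges hosts-format lists while checking each line, because a downloaded entry that maps a name to a real address would redirect that name rather than block it. The list contents and hostnames are constructed.

```python
import re

SINK_ADDRS = {"0.0.0.0", "127.0.0.1", "::", "::1"}
# Names that must keep resolving normally and never belong in a blocklist.
PROTECTED = {"localhost", "localhost.localdomain", "local", "broadcasthost",
             "ip6-localhost", "ip6-loopback", "0.0.0.0"}
HOSTNAME_RE = re.compile(r"^(?:[a-z0-9_](?:[a-z0-9_-]{0,61}[a-z0-9_])?\.)+[a-z][a-z0-9-]{1,62}$")


def merge_blocklists(sources):
    """Merge {label: hosts-file text} into (sorted blocked names, rejected lines)."""
    blocked, rejected = set(), []
    for label, text in sources.items():
        for lineno, raw in enumerate(text.splitlines(), 1):
            fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
            if not fields:
                continue
            if fields[0] not in SINK_ADDRS or len(fields) < 2:
                # Non-sink address: the entry would redirect the name, not block it.
                rejected.append((label, lineno, raw.strip()))
                continue
            for name in fields[1:]:
                name = name.lower().rstrip(".")
                if name in PROTECTED:
                    continue
                if len(name) <= 253 and HOSTNAME_RE.match(name):
                    blocked.add(name)
                else:
                    rejected.append((label, lineno, raw.strip()))
    return sorted(blocked), rejected


def render_hosts(blocked):
    """Emit one normalized sink entry per blocked name."""
    return "".join(f"0.0.0.0 {name}\n" for name in blocked)


# Constructed sample lists; hostnames and addresses are placeholders.
SAMPLE_SOURCES = {
    "list-a": "# constructed\n127.0.0.1 localhost\n0.0.0.0 ads.adnetwork.example\n"
              "0.0.0.0 Tracker.Example.NET  # duplicated in list-b\n",
    "list-b": "127.0.0.1 tracker.example.net\n203.0.113.7 bank.example.com\n"
              "0.0.0.0 bad_host!.example\n",
}
```

Review the rejected lines before appending the rendered output to the system hosts file; a source that produces redirecting entries should be dropped.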

  2. fcd76218
    February 16, 2016 at 2:53 pm

    "Even highly trusted ad networks, like Google’s DoubleClick"
    Trusted by whom? Google? Trusted to do what? To deliver malware?
    As far back as I can remember DoubleClick was always considered to be a sleazy purveyor of malvertising. Their URL was/is the first to be blocked in my Hosts file. Just because Google acquired them does not mean that DoubleClick's reputation or practices have been sanitized in any manner, shape or form.

    • Dann Albright
      February 18, 2016 at 12:43 am

      Trusted by a lot of web publishers to deliver ads—it's one of the biggest ad networks out there, and that wouldn't be the case if people didn't trust it. Whether that trust is misplaced or whether they serve more malware than another network is another issue. The fact remains that DoubleClick is huge.

  3. A41202813GMAIL ..
    February 16, 2016 at 2:07 pm

    ( From Other Thread )

    Some Months Ago, I Configured My AV To Warn Me And Block Any Programs Before Even Starting From My Download And Temp Folders.

    If I Can Not Install Software, I Have To Unblock That Feature And, Afterwards, Block It Again.

    Absolutely No Freaking MalWare Problems Since.

    XPOCALYPSE FOREVER !

    ---

    • Dann Albright
      February 18, 2016 at 12:38 am

      Which AV are you using?

    • A41202813GMAIL ..
      February 19, 2016 at 12:36 am

      MCAFEE VIRUSSCAN ENTERPRISE 8.8 RP5.

      Version RP6 Is The Most Recent And The First Compatible With W10 - For Those Of You Who Can Not Live Without The **Latest And Greatest**.

      Thank You For Responding.
