Malvertisement: The Covert Advert

July 11, 2018
Anti Malware programs

Malvertising

Sounds like a mouthful, I know. But it’s a word-blend (postmanteau) between Malware and Advertising.

To put it simply, the use of online advertisement to spread Malware.

Malvertising is what occurs when online advertising is used to spread malwares. Malvertising is what ensues when attackers purchase ad spaces in famous or legitimate websites and inject them with ads that are loaded with viruses, spywares, malwares and all sorts of cyber waste out there you’ve never even heard of. Basically, any display advert that delivers a code-based threat to the visitor’s browsing session can be thought of as a malvertisement.

How does it work and who are affected?

I know, these attackers are quite “sneaky” and that’s true. That’s how they operate. And they don’t really care if the sites are big shots like Google, Yahoo, Spotify, Ebay or even Reuters. The more popular a website is, the more users they can infect. It provides them with a wider platform to push their attacks to unsuspecting web users who might not otherwise see the adverts, due to firewalls, more safety precautions or the like.

So what goes down, exactly? Attackers attach themselves on trusted, legitimate websites as bait. These attackers aim for clean and reputable websites specifically those with lots of frequent visitors (e.g. Youtube, Spotify, NY Times, Yahoo, AOL, NFL, etc.). Many websites, especially the large and popular ones with several thousands or millions of users per day, rely heavily on third-party vendors and software providers to display their adverts for them. This, in turn, reduces direct oversight and the amount of scrutiny that should take place security-wise. This kind of data automation makes online adverts vulnerable to malvertising. The websites themselves aren’t infected, and the advert publishers have no idea that they are blasting malicious content into potentially thousands and possibly millions of computers until it’s too late. Moreover, it has become quite a challenge for cybersecurity experts to properly identify exactly which adverts carry malicious contents because the adverts on a certain page change constantly. One user may get infected, but the next five, who visits the exact same page won’t be.

I’m OK as long as I don’t click those ads, right?

FACT: PCs can be infected pre and post-click.

It is a very common notion that the actual malware infection happens when visitors to the infected site begin clicking on a malvertisement. But that’s not the case. Instances of these pre-click malwares include being incorporated in main scripts of the webpage or what we call drive-by-downloads. These malwares can be programmed to auto-run, meaning it can automatically take a user to a different site entirely and that site could be potentially malicious. Malwares can also be programmed to execute in the delivery of an advert – wherein a clean advert that has no infection pre or post click (in its original design) can still be infected whilst being requested.

Malvertising is a relatively fresh and perceptive approach for spreading malware and is even harder to prevent because it can work its way into a legitimate webpage and spread through a system unknowingly. An interesting thing about these infections via malverts is that it doesn’t require any clicking from the user to compromise the system and doesn’t expose any weaknesses on the website or even the server it is hosted from. The complexities of these infections are so diverse and yet its delivery is as simple as injecting through advertisement networks.

Major companies and websites have had their share of challenges in battling the growing number of malvertising attacks, which hints that it’s not going away anytime soon.

OK . How can we fend off these attacks?

Unfortunately, with this kind of attack vector, it’s quite difficult to defend ourselves against it head-on. But, there are a few things that we can do to possibly protect ourselves, if not, prevent these cyber-attacks from happening.

  • Disable / Turn Off Java – In most cases, you won’t need Flash too. The less plugins you have installed or enabled, the lesser potential entry points you’re leaving for malverts.
  • Make sure your plugins are updated – If you must install plugins, make sure they are updated for them to be effective. Developers regularly issues updates to fix security gaps so make sure you install them.
  • Make sure your browser is updated with the latest version – This is a no-brainer. Most cyber-attacks are often introduced via browsers due to security holes. It pays off to making sure you have the latest security updates installed.
  • Consider installing an Ad-blocker, Pop-up blocker or Anti-malware programs – This is another option to fight off those nasty pop-ups and other malwares unknowingly creeping its way to your system.
  • Get a decent Antivirus Software – Your first line of defense against viruses, malwares, and other forms of cyber-attacks.

It’s important to keep in mind that at the end of the day, no matter what kind of device you use, you just need to be aware and be mindful of the sites you visit, the apps or anti malware programs you install, and how it affects your privacy. Always make sure you are updated and well-informed with the latest trends and developments in Cyber Security

here at iZOOlogic.com/blogs.

Vince Luna

iZOOlabs Security Response

About the author

Leave a Reply