Malvertising
Also known as: malicious advertising
Malvertising involves using online advertisements to spread malware (malicious software). Banners are tagged with code that unwittingly installs plugins, viruses and tracking cookies on the computers of visitors to affected websites. Using ad networks, these malicious ads can theoretically be placed on any website that uses them, even those with excellent reputations.
How does malvertising work?
The spread and effectiveness of malvertising depends primarily on the ease with which malicious code can be injected into third-party websites. To install malware virtually undetected, security vulnerabilities in visitors' programs and operating systems are often exploited. In other cases, the visitor is enticed to click on a banner, after which the malicious software is downloaded and can be installed.
In addition to actively distributing ads themselves, malvertising often hitchhikes on existing banner campaigns. Leaks in software platforms to fill banner positions can be exploited to add extra code to existing banners. Especially banner systems of which it is possible to run a copy on your own server are susceptible to infections, especially if they are not updated in time.
What is the purpose of malvertising?
Malware installed unnoticed or under false pretenses can have different objectives. It may be a classic virus, intended to cause damage to a computer's programs and documents. Often, however, the distributor itself has an interest in spreading malvertising.
For example, it may involve the spread of so-called ransomware, in which the computer is rendered unusable and the owner must transfer a sum of money to regain control. Alternatively, it may involve spyware that can infer information and keystrokes, which can be used to commit identity fraud or plunder someone's bank account. This form of malvertising can be seen as a variant of phishing.
Preventing and combating malvertising
Websites and ad networks obviously have an interest in preventing visitors from being exposed to malvertising. They have a moral responsibility to visitors and also need to protect their revenue and reputation.
The main ways for a website or ad agency to combat malvertising are to actively screen advertisers and ad partners and their reputations, monitor ad codes and their operation, and regularly improve the security of banner systems.
Web users can also protect themselves against malvertising to some extent themselves. Providing their system with regular and timely available updates, installing a virus scanner and being vigilant for suspicious details before clicking on a banner can significantly reduce the chance of being hit by malvertising. If you want to go a little further, you can think about deactivating certain browser plugins such as Adobe Flash or installing an adblocker.
