Malvertising: Large-Scale Risk

You know those ads on the sides of almost any website you go to? Annoying, but relatively safe, right? Wrong! It turns out your favorite websites may unwittingly pass malware along to your device through their display advertisements. ‘Malvertising’, as it’s referred to in the security world, is a lucrative venture for global cyber criminals, and there are no signs of it slowing down. Read on to learn more about the spread of malvertising, and what you can do to protect yourself.

What is Malvertising?

Malvertising refers to a series of methods for spreading malware through advertisements on web pages. Malvertising takes advantage of websites looking for additional revenue. Often, innocent websites outsource their advertising space to third-party vendors who fill the space every time a new user enters the page. Millions of display ads are served every day through hundreds of real-time exchanges, making it easy for problematic ads to slip through the cracks.

These ad exchanges provide an ideal environment for covert malware distribution. The websites that host the ads don’t have a way to approve every single ad that is displayed on their pages; they have to trust that the ad exchanges will do that work themselves.

This system usually works. Ad exchanges filter out spammy or inappropriate ads all the time. But malware distributors, being the lovely chaps they are, have found ways around the system. First they pose as your average Joe advertiser. For weeks or months the cyber criminals masquerade as legitimate vendors, putting normal ads into the distribution algorithms. Once they have gained the trust of the ad exchange, they begin to mix normal ads with ones riddled with viruses or spyware. This malware is served and executed separately from the host website’s infrastructure, making the websites unknowing facilitators of these malicious programs.

In this chaotic system of ad exchange and outsourcing, even the ‘safest’ websites are still vulnerable.

Are normal users at risk?

People used to think they could stay safe online simply by avoiding ‘phishy’ or low-quality websites. But as trusted websites like AOL and Yahoo get roped in as unintentional hosts for malvertising, there aren’t many ‘safe-havens’ left.

One of the scariest things about these bogus ads is that many of the attacks don’t even require users to click on the display ad to execute the bad script. Instead, attackers embed the malvertising as iframes in the background of a website that run as soon as the user loads the page. Without even clicking an ad, the user’s device is already infected.
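From the defender’s side, a site owner can audit a rendered page for the pattern described above: iframes that are invisible to the visitor and load from a host other than the site’s own. The following is an added example, not code from the original post; the function and class names, the sample markup and the `.example` hostnames are all constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline styles that hide a frame from the visitor (0px/1px size counts as hidden).
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(?<![\w-])(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)


class HiddenFrameAudit(HTMLParser):
    """Collects hosts of iframes that are invisible and load from another site."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        # Relative URLs and subdomains of the page host are the publisher's own.
        third_party = bool(host) and host != self.page_host and not host.endswith(
            "." + self.page_host)
        tiny = any(a.get(k, "").strip() in ("0", "1") for k in ("width", "height"))
        hidden = tiny or "hidden" in a or bool(HIDDEN_STYLE.search(a.get("style", "")))
        if third_party and hidden:
            self.findings.append(host)


def audit(html, page_host):
    """Return the hosts of hidden third-party iframes found in html."""
    parser = HiddenFrameAudit(page_host)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page: one visible ad slot, two hidden third-party frames,
# and one hidden frame that belongs to the site itself.
SAMPLE = """
<iframe src="https://ads.exchange.example/slot?id=1" width="300" height="250"></iframe>
<iframe src="//cdn.unknown-vendor.example/l.html" width="0" height="0"></iframe>
<iframe src="https://tracker.example/p" style="visibility:hidden; height: 1px"></iframe>
<iframe src="/newsletter.html" style="display:none"></iframe>
"""

if __name__ == "__main__":
    print(audit(SAMPLE, "news.example"))
```

A hit is a lead to investigate rather than proof of malware, since some legitimate analytics and sync frames are also hidden; frames injected later by script only show up if the audit runs on the rendered DOM rather than the raw HTML.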

Malvertising in action: The “CryptoWall” attack

Were you hit by the “CryptoWall” this past fall? If you’re lucky enough to be unfamiliar with the attack, it went something like this: a user clicked on a fake ad and suddenly all their files were encrypted. The only way to decrypt the files was to pay the creators of the malvertisements thousands of dollars in bitcoins. The cyber criminals got away with more than a million dollars, and have yet to be found!

How can you defend yourself?

Make sure your plugins and operating system are all running their most up-to-date versions. You might want to download a plugin that blocks all advertisements during your browsing sessions. It’s a strong measure, but it also prevents your favorite websites from generating the ad revenue that most of them rely on. Then turn on Reason’s Safe Browsing feature. This should accompany any other measures you take against malvertising. Safe Browsing analyzes websites on the fly, and warns you of vulnerable pages in your searches. Search and surf securely and let Reason do the rest.

