Cyber criminals are constantly changing their techniques to catch business owners, IT professionals, and individual users off-guard. Malvertising is the latest in big cyber threats, and those who want to keep their personal and business computers secure should educate themselves on how it works and how it can be avoided.
Malvertising: What Is It and How Does It Work?
Most websites today display advertisements, whether they be interstitial commercials or small banner ads. But where do these ads come from? They're usually provided by large, third-party advertising networks. These networks find companies that want to advertise and pay out companies that want to publish ads. Unfortunately, this also means that websites aren't in control of the advertisements they serve: the advertisements are always pulled directly from the third-party. Notably, Match.com was recently a victim to a malvertising attack, as was its sister site, Plenty of Fish.
Malvertising takes advantage of this to embed harmful code -- spyware, adware, and viruses -- into the advertisement itself. When you view an ad, this malicious code is launched, and your machine is infected. Malvertising may be designed to recruit your computer into a botnet (so it can transmit and receive data through your computer silently) or may be designed to collect information from you so that it can compromise your identity. Malvertising is particularly insidious because it can occur anywhere -- though third-party advertising companies try to quash malvertising when they find it, they do need to find it first.
Protecting Yourself from Malvertising
Because malvertising can occur anywhere, it's not enough to change your behaviors. Instead, you need to enhance your system's security. There are two major ways that you can do so: through ad blocking and through a comprehensive antivirus and malware solution. Ad blocking programs block ads completely: they neither load nor run them on your machine. The advantage to this is that you load pages faster and you aren't subjected to potentially malicious advertisements; the downside is that an ad blocking program doesn't necessarily catch all advertisements, and websites are increasingly finding ways to get around this type of block.
While traditional antivirus and malware scanners will scan the advertisements that you do view for malicious code, they can only identify exploits that have already been discovered. The exception to this rule is CylancePROTECT, which is a next generation anti-virus that looks for patterns of malicious activity and does not rely on regular updates.
Though malvertising is certainly trending now, it has also cropped up in the past -- usually in the form of viruses embedded in third-party Flash advertisements. Flash is no longer used by many advertising companies for specifically this reason. There will always be security issues, sometimes even on the most trustworthy of sites. It's up to each individual user to make sure their computer's security is fully protected.
Image source: Intel Free Press