
Not only is Malvertising hard to say, it's hard to recover from


It’s an ugly word, and not one you want to say often. But you will be hearing more about malvertising in the future. It’s a type of attack that takes advantage of the banner ads you see on many legitimate websites like Yahoo and AOL.

What happens with a malvertising campaign is that bad guys buy legitimate ad space from advertising networks, and when people click on their ads, they get attacked. This can happen on any trusted website, and there are some high-profile cases that have been in the news lately. The worst so far is one called CryptoWall that can lock up the hard drive and all the files on your computer, and hold them for ransom.

In this Security Week story, a malvertising campaign was discovered that targeted major trusted websites like the ones above with advertising for other major brands that people tend to trust, like Microsoft. Once you click on the ad, the landing page where you would expect to learn more about the product or service actually turns out to be an attack page. It has code that detects what version of browser you have, and automatically launches an “exploit kit” that is directed at your browser. This kind of attack doesn’t require you to click on anything other than the ad on the page you already trust.

What is an exploit kit?

An exploit kit is like a loaded shotgun that can shoot many different types of messages and data at your computer that try to take advantage of known weaknesses in certain versions of software. If you have not updated your browser to incorporate the latest security patches from the browser provider (Mozilla, Microsoft, Google, Apple, etc.), then it is very possible that the exploit kit will find a way to break into your browser.

Typically, these attacks are asking for a ransom to be paid by the victim. They require payment in the form of Bitcoins, a new electronic currency for which it is hard (or impossible) to trace payments.

What can you do to protect yourself from malvertising?

Sadly, it’s very hard to know whether an ad on a trusted website may be fake, and possibly hosted by a malicious advertiser (or malvertiser). So, the best ways to avoid it are to:

  1. Make sure your browser software is always up to date. Many browser versions now update themselves automatically. But you need to check and be sure.
  2. Type in the URL of the apparent advertiser and try to find the product or service manually on their website. I know that’s a pain in the butt to do, but until ad networks have a reliable way to screen out malvertising, it will be risky to click on banner ads unless you are extremely careful to look at the domain to which an ad link will take you.
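
The domain check from step 2, written out as an added example (not part of the original post): it shows which part of a link is the domain that matters and why lookalike links fail. The URLs are constructed samples, and `checkAdDestination` is a hypothetical helper name.

```javascript
// Added example. Assumption: you know the advertiser's genuine domain
// (here "microsoft.com") and have the URL the ad finally leads to.
function checkAdDestination(href, advertiserDomain) {
  let url;
  try {
    url = new URL(href); // rejects anything that is not an absolute URL
  } catch {
    return { ok: false, host: null, reason: "not a valid absolute URL" };
  }
  // hostname is lower-cased and excludes any "user@" prefix and port
  const host = url.hostname.replace(/\.$/, "");
  if (url.protocol !== "https:") {
    return { ok: false, host, reason: "scheme is " + url.protocol + " not https:" };
  }
  const expected = advertiserDomain.toLowerCase();
  // Accept only the exact domain or a true subdomain of it. A plain
  // "contains" or "starts with" test would accept the lookalikes below.
  const ok = host === expected || host.endsWith("." + expected);
  return {
    ok,
    host,
    reason: ok ? "host belongs to " + expected : "host is outside " + expected,
  };
}

// Constructed sample links (the .example names are reserved for documentation).
const samples = [
  "https://www.microsoft.com/en-us/windows",       // genuine subdomain
  "https://microsoft.com.offers.example/windows",  // brand used as a subdomain label
  "https://microsoft.com@offers.example/windows",  // brand placed in the "user@" part
  "https://microsoft-deals.example/windows",       // brand name inside another domain
  "https://micr\u043Esoft.com/windows",            // Cyrillic "o" lookalike character
  "http://www.microsoft.com/windows",              // right host, unencrypted scheme
];

for (const href of samples) {
  const result = checkAdDestination(href, "microsoft.com");
  console.log((result.ok ? "OK    " : "REJECT") + "  " + href + "  ->  " + result.reason);
}
```

Banner links often pass through an ad network's click-tracking redirect first, so the check applies to the page you land on, not only to the link shown when you hover over the ad.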

So, be careful when you see an ad that looks good enough to click on. It may be trouble.

Scott Wright

The Streetwise Security Coach

Phone: 1-613-693-0997
