It’s an ugly word, and not one you want to say often. But you will be hearing more about malvertising in the future. It’s a type of attack that takes advantage of banner ads you see in many legitimate websites like Yahoo, Match.com and AOL.
What happens with a malvertising campaign is that bad guys buy legitimate ad space from advertising networks, and when people click on their ads, they get attacked. This can happen on any trusted website, and there are some high profile cases that have been in the news lately. The worst so far is one called CryptoWall that can lock up the hard drive and all the files on your computer, and hold them for ransom.
In this Security Week story (click HERE), a malvertising campaign was discovered that targeted major trusted websites like the ones above with advertising for other major brands that people tend to trust, like Microsoft. Once you click on the ad, the landing page where you would expect to learn more about the product or service actually turns out to be an attack page. It has code that detects what version of browser you have, and automatically launches an “exploit kit” that is directed at your browser. This kind of attack doesn’t require you to click on anything other than the ad on the page you already trust.
What is an exploit kit?
An exploit kit is like a loaded shotgun that can shoot many different types of messages and data at your computer that try to take advantage of known weaknesses in certain versions of software. If you have not updated your browser to incorporate the latest security patches from the browser provider (Mozilla, Microsoft, Google, Apple, etc.), then it is very possible that the exploit kit will find a way to break into your browser.
Typically, these attacks are asking for a ransom to be paid by the victim. They require payment in the form of Bitcoins, a new electronic currency for which it is hard (or impossible) to trace payments.
What can you do to protect yourself from malvertising?
Sadly, it’s very hard to know whether an ad on a trusted website may be fake, and possilby hosted by a malicious advertiser (or malvertiser). So, the best ways to avoid it are to:
So, be careful when you see an ad that looks good enough to click on. It may be trouble.
Scott Wright
The Streetwise Security Coach
Phone: 1-613-693-0997
Email: scott@streetwise-security-zone.com