What is Malvertising? How to Identify and Protect Against Malvertising Attacks



How does malvertising affect companies and individuals differently? Learn how to identify and avoid malvertisements in Data Protection 101, our series on the fundamentals of information security.

A Definition of Malvertising

Malvertising is the practice of using web advertisements to spread malware. Cybercriminals use the same advertising strategies as legitimate companies, except that malvertisements will either try to download malware directly to visitors’ devices upon viewing or send visitors to websites that distribute viruses, ransomware, or other malicious programs. Malvertising is a favorite medium for criminal behavior because it takes advantage of consumer trust in companies and advertising networks.

How Malvertising Works

Malvertisements are distributed via the same methods as normal online advertisements. Infected graphic files are submitted to a legitimate advertisement network with hopes that the advertiser won’t be able to differentiate between trustworthy ads and harmful ones. Ads are often designed to cause strong emotions in the viewer and will include a call-to-action to encourage visitors to click. When approved by the advertiser, these malicious ads are served to legitimate sites. In some cases cybercriminals will even re-register expired, but previously legitimate, domains to disguise themselves as a trustworthy domain.

Criminals can use redirects to send clickers to a malicious site, and users remain unaware because they expect redirects when clicking on an ad. While the visitor is on the malicious website, code runs in the background and attempts to download malware onto the device. This unintentional download of a virus or malicious code is known as a drive-by download. Malvertisements often use drive-by attacks to download ransomware onto targeted computers. Advanced forms of malvertisements can even install malware on visitors’ devices directly from the legitimate website that is displaying the ad, without any interaction from visitors.
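For defenders, the redirect-then-download pattern described above can be looked for in web proxy records. The following is an added example, not part of the original article: it follows each ad click through its redirects and Referer-linked requests and reports chains that deliver an executable content type. The record fields, host names, and ad-host list are assumptions made for illustration.

```python
from urllib.parse import urlparse

# Assumptions: the ad-host list and the record fields (client, url, status,
# ctype, location, referer) are hypothetical, not a real proxy schema.
AD_HOSTS = {"ads.adnet.example"}
RISKY_TYPES = {"application/x-msdownload", "application/x-dosexec", "application/octet-stream"}

def rec(client, url, status, ctype="", location="", referer=""):
    return dict(client=client, url=url, status=status, ctype=ctype,
                location=location, referer=referer)

# Constructed sample records, not real traffic.
SAMPLE_LOG = [
    rec("10.0.0.5", "https://ads.adnet.example/click?id=1", 302,
        location="https://track.example.net/r?c=9", referer="https://news.example.org/"),
    rec("10.0.0.5", "https://track.example.net/r?c=9", 302,
        location="https://landing.example.com/offer"),
    rec("10.0.0.5", "https://landing.example.com/offer", 200, ctype="text/html"),
    rec("10.0.0.5", "https://landing.example.com/update.exe", 200,
        ctype="application/x-msdownload", referer="https://landing.example.com/offer"),
    rec("10.0.0.7", "https://ads.adnet.example/click?id=2", 302,
        location="https://shop.example.com/sale", referer="https://news.example.org/"),
    rec("10.0.0.7", "https://shop.example.com/sale", 200, ctype="text/html"),
]

def follow(records, start):
    """Requests reachable from an ad click: redirect targets and Referer children."""
    seen, stack, order = set(), [start], []
    while stack:
        cur = stack.pop()
        if cur["url"] in seen:  # guards against redirect loops
            continue
        seen.add(cur["url"])
        order.append(cur)
        stack.extend(r for r in records if r["client"] == cur["client"]
                     and (r["url"] == cur["location"] or r["referer"] == cur["url"]))
    return order

def flag_drive_by(records, ad_hosts=AD_HOSTS):
    """Report ad-initiated chains that deliver an executable content type."""
    findings = []
    starts = [r for r in records if urlparse(r["url"]).hostname in ad_hosts]
    for start in starts:
        chain = follow(records, start)
        for r in chain:
            if r["status"] == 200 and r["ctype"].split(";")[0].strip().lower() in RISKY_TYPES:
                hops = list(dict.fromkeys(urlparse(c["url"]).hostname for c in chain))
                findings.append({"client": r["client"], "hops": hops, "payload_url": r["url"]})
    return findings
```

Calling `flag_drive_by(SAMPLE_LOG)` reports the chain for client 10.0.0.5 and ignores the ordinary ad click from 10.0.0.7, which ends on an HTML page.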

How to Identify Malvertisements

How can you identify which ads are real and which are potentially harmful? Cybercriminals are becoming more and more sophisticated in their efforts, so there is no way to know at a glance whether an ad is legitimate or part of a malvertising attack. However, there are a few strategies that can be implemented to significantly lessen the risks of clicking on a malvertisement. Be aware of and do not click on:

  • Ads that do not look like they were made by a professional graphic designer
  • Ads that have spelling errors
  • Ads that promise miraculous cures or celebrity scandals – if it sounds too good to be true, it probably is
  • Ads that do not match your recent/typical search history or browsing behavior

Recent Examples of Malvertising Attacks

It is important to remember that ad networks distribute both real and fraudulent ads. The reliability of a website does not necessarily determine whether or not it will contain malvertisements; in fact, recent examples have proven that even the most well-known, legitimate sites can distribute malvertisements unknowingly. Despite all efforts to educate people about malvertising attacks, there will inevitably be cases where reputable companies serve malvertisements to users who put too much trust in these websites. In recent years, Forbes and Spotify have both been negatively impacted by malvertising campaigns that infected visitors with malware.

Forbes

In late 2015, Forbes Magazine took a strong stance against ad blockers and refused to show its content to any visitors that were running them. When visitors turned their ad blockers off to gain access to Forbes articles, malvertisements were displayed in place of real advertisements. Although the responsibility for choosing safe ads lies with the magazine’s ad network, people blamed Forbes for its initial strike against ad blockers. The irony of this case makes it an unforgettable example of the consequences that malvertising has for businesses as well as consumers.

Spotify

In 2011, Spotify’s free streaming service displayed malvertisements for users on Windows desktops. The ads initiated a drive-by installation of a fake Windows Recovery anti-virus tool. The malvertisements were based in Spotify’s ad network and not connected to an internet browser. Unlike traditional malvertisements that require the viewer to click on them before spreading viruses, these Spotify ads could execute code simply by being displayed on screen. Following the outbreak, Spotify put all advertising with third party companies on hold until it could determine the source of the problem.

Best Practices to Avoid Falling Victim to Malvertising Attacks

Awareness is only the first step in protecting against malvertising attacks. There are a number of solutions that, when used in combination, can help ensure that you remain safe from threats distributed by malvertisements:

  • Identify ads that seem illegitimate: Use the information in this article to help determine which ads are safe and which may contain harmful code.
  • Use an ad blocker: By blocking all advertisements from displaying on websites, you will remove any chance of viewing or clicking on an ad that is potentially harmful.
  • Search for a company without clicking on an ad: If you are interested in what an advertisement is offering but are unsure about whether an ad is legitimate or not, simply visit the company’s website without clicking on the ad. If there is no website, or if there are complaints about the company, then the ad was most likely fake.
  • Resist clicking on ads, even if they appear to be from reputable companies: Simply put, if you never click on advertisements, you will never click on a malvertisement either.
  • Stay up-to-date on the latest malvertising scandals: By following news about compromised websites and potential malvertising campaigns, you can protect yourself and others from known malvertising threats.
  • Run anti-virus/anti-malware on your computer: While these solutions cannot protect against all forms of malware, they are a good first line of defense against known malware that can infect your computer.

Malvertising will continue to be a problem for years to come, and it is something that organizations and end users should know how to identify and avoid so that no sensitive data is compromised by malvertising attacks. If your website uses a third party ad network, be aware that any malvertisements that are displayed on your website can harm potential customers and ultimately hurt your reputation. Through education and vigilance, the risks of malvertising can be minimized and your data will remain intact.

Juliana de Groot
