What is Malvertising? Defenition and protection.
This malicious advertisement is used to spread viruses and malware to a user’s computer or supported device.
It’s also important to notice that there is a little difference between definitions such as malvertising and ad malware - for example, ad malware (or “adware”) it’s the next step in the malvertising chain, it’s usually running on a user’s computer, and the reason is that users don’t even know about this package or malware software - they can install it with some third-party software and applications (if a user skips some ad screens during the installation or didn’t notice some check marks during the process) which they are downloaded via the malvertising ads.
In this case, the downloaded and installed adware can take some actions on the target system, such as, for example, redirections in the browser which leads to some malicious websites, or maybe installing the malicious plugins and extensions, and so on. Malvertising, however, is usually not targeted at some particular users or systems, It can involve any user that opens the website or page which contains the malicious ads - and after that any additional next step in a chain is possible.
The malicious ads are displayed to users with the help of a big advertising network. The adverts can be created and published by scammers and then distributed to the ad network. Once the adverts are sent to the ad network, they are displayed on legitimate websites and are presented to users as standard advertisements. Users click on the ads as they normally would, and malware is installed on their computers.
So, simply put, malvertising is a malicious advertisement. But what is interesting here, is that not only low-end sites and malicious pages are running ads that contain malware - even the big companies, such as Forbes, Yahoo, Spotify, The Atlantic have all been caught running these type of ads at least in the last 5 years
How Does it Work?
The first question which can appear here is “How does it possible - malicious advertisement on legitimate websites?”, and the answer is really simple: the main reason here is that advertising networks in most cases don’t check the ads that they run. For example, if you want to run an ad for your chiropractor’s office, you can just pay for that and submit it, and an ad exchange service will put your advertisement all over the world, on every possible related to its website. There is nothing that can verify your services or that your ad is legitimate. If you want to run a malicious ad, you can just submit it - and that’s it.
In some cases, the ad networks are being hacked, in others - the ad networks are willfully running malicious ads for some purpose. Because of all these reasons, the result can be disastrous - malicious ads on your favorite sites, and you are the target.
The sure signs that the site is affected by the malicious ads is the following:
- A “drive-by-download”, which is usually possible via the browser and its components vulnerabilities, such as PDF readers, online players, and so on. In some cases, this logic can be hidden via the login forms or some other additional steps, so it can be hard to detect for the computer security specialists. In other cases, users by themselves can notice that website triggers their browser to download some executable files.
- Multiple force redirections to the compromised or malicious websites - in this case, the user can be redirected to another website or page via the malicious ads that trigger redirections. Moreover, there can be a lot of additional mechanisms, such as pop-ups, Iframes, floating players, hidden links and buttons, and other things to trick the user into doing some actions.
And of course, all of these problems are heavily affect the website holders and companies - you probably won’t visit this type of website or page again, so the companies (for example, online stores, web publishers, news sites) lost their audience, traffic, visits, and money. Taking into account that it can be hard to detect and remove such types of ads, it’s not that easy to restore the reputation.
How Can I Protect Myself from Malicious Advertisements?
Fortunately, most modern browsers like Google Chrome, Safari or edge able to prevent some of these dangers - so it’s better to keep your regular browser up-to-date. However, if you are concerned about yourself and the safety of your device, you should install specific browser extensions, such as ad-blockers.
Ad-blockers can block different types of ads (including malicious), trackers, and social analytics which can be used by different third-party companies to collect information about you and your interests. Besides this, some modern antiviruses also protect users from malicious websites and hidden malware.
Also, it may be useful to review your daily websites and resources to understand, if they can be risky or not for any reason.
Malicious advertisements are more dangerous than one might think. These ads are spread via ad networks that are being used by many reputable and big websites. However, these ad networks are not responsible for the malicious ads that are shown on their website.
These ads are being spread by third-party advertisers that are using the ad networks to display their ads. This allows the advertisers to send their ads to many websites at once, without having to have their website.
Another worrying fact is that even if you close the page where the ad is being displayed, the malicious ad might still be loaded and displayed in the background, which can lead to problems such as information disclose, tracking, or even malware on your computer.