Malvertising (malicious advertising) is a way of spreading malware through online advertising. It is a fairly new concept for spreading malware, it is even harder to prevent because it can infect any system unnoticeably. The interesting thing about the infections delivered through malvertisement is that it does not require any user interaction (like click) to compromise the target system. The affected computers then can be used to carry out illegal activities(such as identity theft, spying, etc). It is appealing because the attackers can easily spread malware across a large number of legit websites without directly compromising them.
Malvertising was first recorded in late 2007 / early 2008. The threat was based on a vulnerability in Adobe Flash which affected a number of platforms including, MySpace, Excite and Rhapsody.
Malvertising is usually executed by hiding malicious code(malware) within relatively safe online advertisements. These ads can redirect a victim to untrusted content(eg.websites) which may contain malware or directly infect a victim’s computer with malware which may damage a system, steal sensitive information(eg.identity, credit cards) or even take control over the system. Several popular websites and news sources have been victims to malvertising and have had malicious advertisements placed on their web pages or widgets unknowingly, including Horoscope.com, The New York Times, the London Stock Exchange, Spotify, and The Onion.
How to prevent?
Since malvertisement is included in websites, anti-malware tools must be used to lessen harmful effects. Commonly used programs such as Adobe Flash Player and Adobe Reader can have their flaws and may be vulnerable, so avoiding them or at least keeping them updated is a must. Ad blocking software can be used to avoid downloading the malware contained advertisements or a specific browser extension can be used for blocking malvertising campaigns. Some of the measures to prevent malvertising attacks:
1. Enable Click-to-Play Plug-ins: Make sure you enable “click-to-play” plug-ins in your web browser. By enabling Click-to-Play, web content that requires plugins such as Java, Flash, Silverlight, Adobe Reader, QuickTime, and more will be disabled by default. Users must manually Click to Play plugin content on any given web page or to load the content. This provides security control so that malicious content in the webpage is not automatically executed by the browser.
2. Use Anti-malware plugins/extensions: Try to use anti-malware extensions in your browser. Those plugins block malicious websites and filters out the unwanted contents thereby keeping you safe from such kinds of attacks. Eg, Malwarebytes, Anti Malware SubZero, etc.
3. Disable/remove unused plugins: Keeping many plugins increases the chances of attacks, as the plugin you’re using may be vulnerable. So, removing the plugins that are not in use, is definitely a good measure.
4. Keep plugins/extensions updated: Always try to keep your plugins/extensions updated. A software is more often updated if any bug or vulnerability is encountered. Updating it will patch the issue and will protect you from being compromised.
5. Close the window on popup: At times a Malvertisement may give you popup window which might load malicious websites. At this time quickly close the new popped up browser window before the malicious script/code get downloaded and executed in your system.
Besides these measures, you must keep yourself safe from such online attacks. Though Malvertising attacks are done through trusted sites, visiting untrusted sites is even worse. Visiting untrusted and unreliable sites will increase your chances of being compromised. Avoid visiting such sites in order to stay safe from these kinds of attacks. Since these attacks are gaining popularity, some developers may have already fixed the vulnerabilities or the browsers may have implemented some security measure to keep their user’s safety. So, always try to keep your software up to date.