If you think that online ads are annoying you should think once again because they are also quite dangerous at times. Criminals often use malicious online advertisements to put malware onto your computer. This strategy is called ‘malvertisements.’
Cybercriminals have two methods that help them to spread malware across your computer through their advertising. One common method is to hack into websites that users trust and then putting their malware into online ads and party banners that exist on that page. For instance, both The London Stock Exchange and The New York Times have been hacked by cybercriminals that put malware into their online ads.
Alternatively, hackers may take a more sophisticated approach of first posing as trustworthy companies. They’ll initially place several ‘clean’ ads on reputable websites that host third-party ads, leave them running to gain traction, and then launch their attack by inserting malware into the code behind their ads.
Both approaches allow attackers to infect as many computers as possible in a short amount of time. By clicking seemingly innocent online ads, users are directly infected or redirected to a malicious site which tricks the user into copying viruses or spyware. With some malvertisements, victims do not even have to physically click on the malicious ad itself. Just having the malvertisement pop up on your screen is enough to unleash the malware onto your computer, and can result in the theft of sensitive data such as personal information and banking details.
What makes malvertising attacks so powerful is that they can infect thousands of sites at once by infiltrating popular syndicated online ad services. Websites that run third-party ads can’t do much to protect their visitors from these malvertisements because syndicated ads are not under their direct control. After the damage is done, attackers can easily remove or discontinue their ads. And because the ad network infrastructure is often highly complex, criminals accomplish their attacks without trace.
Although online ads –and consequently ‘malvertisements’- are commonplace on the Internet, there are several steps which users can take to safeguard their systems:
• Update. Make sure your operating system, browser, and browser plug-ins are up-to-date. This is one way to defend your system against attackers who look for opportunities to exploit vulnerabilities, like outdated software on your computer – this is a key tactic for today’s cybercriminals.
• Stay Secure. Install an antivirus and two-way firewall and make sure your security software is up-to-date to keep your system protected from the latest malware attacks.
•Be Cautious. Don’t click on any pop-ups that state you’ve won a prize. And beware of scareware pop-ups that claim your computer has been infected with a virus. These rogue security solutions are popular among cybercriminals who can use these applications to infect your system.
•Block. Use your pop-up blocker or install an ad block add-on through your browser of choice (such as Firefox, Internet Explorer or Google Chrome). A pop-up ad can deliver a malicious payload as soon as the ad appears on the viewer’s screen. And in some cases, the malware will execute when the viewer clicks the “X” to close the pop-up window.
•Weekend-wary. Be especially careful of your browsing activity on the weekend. Cybercriminals tend to launch malvertising campaigns during off-peak times when IT resources are low and attacks are likely to go unnoticed.
Keep in mind that as companies continue to target people with online ads, malvertising will only become more prevalent. These are just a few ways to make sure any applications running on your system are legitimate and that you are never caught off-guard or tempted to click on what could quite possibly be not just an annoying but dangerous ad.