Malvertising, or malicious advertising, is the use of online advertising to distribute malware with little to no user interaction required. You could be researching business trends on a site like NYTimes.com and, without ever having clicked on an ad, be in trouble. A tiny piece of code hidden deep in the ad directs your computer to criminal servers. These servers catalog details about your computer and its location, and then select the “right” malware for you.
Malvertising has gone unchecked because of the current lax conditions and low barrier for entry to ad networks. In order to advertise online, businesses merely sign up with a network and then bid in real time to have their ads appear on popular websites. However, not all advertising networks have strict criteria for advertisers. Not only that, but buying advertising space is increasingly being transacted automatically. Ad sellers don’t always know the buyers, and some ad platforms allow newcomers in cheap.
Infected ad often uses an iframe, or invisible webpage element, to do its work. You don’t even need to click on the ad to activate it—just visit the webpage hosting the ad. The iframe redirects to an exploit landing page, and malicious code attacks your system from the landing page via exploit. The exploit kit delivers malware—and 70 percent of the time, it’s ransomware.
Plainly, if you use the Internet, you can’t avoid malvertising. But you can protect against it. Here are a few ways to batten down the hatches and brace yourself against malvertising.
1. Practice safe browsing
It won’t protect you against malvertising living on reputable sites, but it will decrease your odds of getting hit with the veritable wall of crap ready to greet you from the shadier side of the Internet.
2. Tighten up vulnerabilities on your computer.
Malvertising is simply a vehicle for finding security flaws hiding elsewhere in your system. Keep your software patched, update your operating system, run the latest browsers, and remove any software (especially Flash or Java) that you don’t use or need.
3. Download an ad blocker
Ad blockers can filter out a lot of the malvertising noise, stopping dynamic scripts from loading dangerous content. However, many of the most reputable news sites rely on advertising for revenue, so they ask users to disable ad blockers in order to access content.
4. Enable click-to-play plugins on your web browser
Click-to-play plugins keep Flash or Java from running unless you specifically tell them to (by clicking on the ad). A good bulk of malvertising relies on exploiting these plugins, so enabling this feature in your browser settings will offer excellent protection.
5. Run an effective anti-exploit program
When all else fails, a good anti-exploit program can shield browser, OS, and software vulnerabilities, catching any of the riff-raff that makes it through your defenses.
So unless you’d like to become an Internet recluse, it looks like, for now, there’s not much you can do to avoid malvertising altogether. But with the right protections in place, you can still beat bad ads