Banner ads are the wallpaper of the internet and, like wallpaper, they can hide some pretty terrible things. Lately they’ve been used to spread malvertising, which is a type of security threat involving hackers hijacking advertising space on websites and using it to spread malware. It’s growing rapidly and we wanted to make you aware of it.
You might be thinking “I never click on web ads, anyway,” or “So, what? Those sketchy ads are clearly a scam.” The trouble is that I’m not talking about the “I made $797 from home!” style ads.
These web ads often look exactly like the legitimate ads. (See the image at the top of this article.) They simply link back to malicious content, so you may click an ad for Bing and end up at Donny’s Discount Malware & Virus Emporium for a free sample. Or you might end up at the Bing website but along the way get redirected for a fraction of a second, which is all it takes to get infected.
Malvertising is different from conventional security threats because websites and brands aren’t actually compromised. Hackers don’t break into the affected sites and post fake ads; they simply buy advertising space like legitimate advertisers, steal ads from large brands and run those ads with links to the malicious sites.
The size and complexity of modern advertising networks make it easy for hackers to insert their content into a legitimate network. The targeting available in web advertising also means that advertisers can target specific audiences. This makes this type of threat difficult to detect, as different users are being shown different ads and the ads are constantly changing.
To combat malvertising, individuals need to follow best practices, such as ensuring that their systems have the latest patches and updates not only for the operating system and browsers, but also for any related software and plug-ins such as Microsoft Office, Adobe Reader and Flash, and Oracle Java.
Beyond that, there are various tools available – from managed services to secure routers with content filtering and intrusion detection – that can help mitigate the risk posed by this and other forms of malware. You should also ensure that you’re not running Windows XP and that you never browse the internet while using the Administrator account.