Malvertising: A Practical Guide to Protecting Yourself

By Haystax, January 4, 2016

By Marvin Marin and Andrew Paulette

With the dramatic rise in internet access and use over the past decade, it is easier than ever for companies to reach an audience in the millions with advertisements for their products and services.  To monetize this opportunity and help keep websites “free,” advertising networks offer thousands of ads to websites based on their demographics.

While these ads are normally harmless, malicious actors have found methods to target advertising networks and submit ads embedded with malicious code.  Because of the techniques and consequences of this “malvertising,” this form of malware delivery offers a unique set of challenges to websites, advertising networks and end users, and it deserves special consideration.

Malvertising impacts users by serving malware on reputable sites via advertising content.  Malicious code is first embedded into an advertising network via ads to be used on websites across the internet.  While some advertising networks may screen their advertisements for malicious code, skilled attackers can employ stealth tactics to hide their malware from these detection systems.  Once the attacker has paid a small fee for the right to display their advertisements within the ad network, they can define the demographics of their intended audience (their target) and wait for vulnerable users to be redirected to the malware. In 2014 alone, the security firm Cyphort estimated that malvertising attacks rose 325%.

The ease of distributing a malvertisement, coupled with the ability for it to be installed without the user knowing, gives a malicious actor the equivalent of a hunting blind to work from.  It’s not uncommon for professional brands to be used in these types of attacks, either.  For example, YouTube and Reuters have been victims and unwitting distribution points of malvertisements.

A malvertisement attack occurs when a user goes to a website that hosts the malvertisement. The “ad” will display, and in the background a JavaScript or Flash-based ActionScript will covertly route the browser to a different location where it will download a rootkit or other malicious content.  The user will not be aware of the infection.  The malware could then take whatever action the creator wanted, including remote control of the device, encryption and ransom of the user’s PC, or stealing information such as logon credentials or account numbers.
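The background redirect described above leaves a trace in web-proxy logs: a chain of Referer headers that starts on a reputable page, passes through an ad host and ends in a download from an unrelated host. The following is an added example, not part of the original article; the record layout, the ad-host list, the content-type list and all host names are assumptions, and the log lines are constructed.

```python
from urllib.parse import urlparse

# Assumption: hosts the organisation classifies as ad-serving (constructed name).
AD_HOSTS = {"ads.adnetwork.example"}
# Content types that should not arrive from a third host while an ad renders.
RISKY_TYPES = {"application/x-msdownload", "application/octet-stream",
               "application/x-shockwave-flash", "application/java-archive"}

# Constructed proxy records: (client, url, referer, content_type)
SAMPLE_LOG = [
    ("10.0.0.5", "https://news.example/story", "", "text/html"),
    ("10.0.0.5", "https://ads.adnetwork.example/slot?id=7",
     "https://news.example/story", "text/html"),
    ("10.0.0.5", "https://landing.bad.example/gate",
     "https://ads.adnetwork.example/slot?id=7", "text/html"),
    ("10.0.0.5", "https://landing.bad.example/p.bin",
     "https://landing.bad.example/gate", "application/octet-stream"),
    ("10.0.0.9", "https://news.example/story", "", "text/html"),
    ("10.0.0.9", "https://ads.adnetwork.example/slot?id=8",
     "https://news.example/story", "text/html"),
    ("10.0.0.9", "https://ads.adnetwork.example/banner.png",
     "https://ads.adnetwork.example/slot?id=8", "image/png"),
]

def host(url):
    return urlparse(url).hostname or ""

def find_ad_initiated_downloads(records):
    """Return (client, referer chain) for each risky download reached via an ad host."""
    parent, via_ad, alerts = {}, {}, []
    for client, url, referer, ctype in records:
        key = (client, url)
        parent[key] = referer
        # Ad-initiated: the request goes to an ad host, or its referer was ad-initiated.
        via_ad[key] = host(url) in AD_HOSTS or via_ad.get((client, referer), False)
        # Content served by the ad host itself is expected; a third host is not.
        if via_ad[key] and ctype in RISKY_TYPES and host(url) not in AD_HOSTS:
            chain, cur = [url], referer
            while cur and cur not in chain:  # walk back to the page the user opened
                chain.append(cur)
                cur = parent.get((client, cur), "")
            alerts.append((client, list(reversed(chain))))
    return alerts

if __name__ == "__main__":
    for client, chain in find_ad_initiated_downloads(SAMPLE_LOG):
        print(client, " -> ".join(chain))
```

The chain shows an analyst which site and which ad slot led to the download, which is the detail needed to report the ad to the publisher or network.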

The ability for this compromise to occur with stealth and either pre- or post-click (or with no click at all!) makes it particularly insidious. Here are some high-level recommendations to avert malvertising:

Industry also has a vested interest in policing itself, as revenues will decline as more users adopt adblocking software. Additionally, reputable companies will avoid employing advertising networks that have been caught hosting malvertising to avoid damaging their brands.

Malvertising is more than just an information security problem for users; it goes to the heart of e-commerce as it threatens people’s ability to access content freely and with minimal risk.
