By Joshua Bagwell
What is malvertising? It’s the practice of inserting malicious code into ads that you see on both legitimate and not-so-legitimate websites. Websites make money by selling advertising, but most do not create or even have any control over which ads are displayed on their website. They farm this out to a third party that will display ads relevant to the viewers browsing history. The malicious code isn’t inserted by the third-party ad generator, but by the advertiser supplying the ads.
Every day a large number of ads are submitted to the various advertising networks globally, making it very difficult for the advertising networks to check each ad thoroughly. This automation makes online ads vulnerable to malvertising. Often advertisers work on a complaint based system waiting until a complaint is lodged against an ad or ads from a specific group before performing a deep analysis. In addition, it is very difficult to identify exactly which ad is malicious because the ads on a webpage constantly change. This means that one visitor may be infected, but the next ten, who visit the same webpage, won’t be infected.
Ways to prevent these infections are the same as preventing other malware infections. First, keep your system up-to-date including the operating system, browsers, browser plugins (Java, Adobe Reader, etc.), AntiVirus, and if your router/firewall does content filtering, make sure that’s updated too. Also, user training is essential. Finally, since malicious ads will display a popup ad trying to get you to click on them, using software that blocks ads, such as AdBlocker, is a good approach.