Malvertising, also referred to as malicious advertising, is used by cyber criminals to spread malware to your computer with the help of infected advertisements.
When you click on these malware-infected ads, the malware instantly downloads to your computer and affects the data and personal details stored on it.
It is difficult to put an accurate figure on the impact of malvertising. At their peak between 2014 and 2016, malvertising campaigns led security research firms to report millions of malicious advertisements across the web.
Whether the rate of malvertising incidents has risen or not, one thing is clear. Malvertising can do a lot of damage to an unsuspecting user. With the low entry level to malvertising, the threat remains active.
Here we will help you understand what malvertising is, why it’s so popular, where it’s hiding, and what you can do about it.
What Is Malvertising?
“Malvertising” is “malicious advertising.” In short, malvertising is the practice of using online ads to infect computers with various types of malware.
A malvertising attack (also known as a drive-by malware attack) can work in a variety of ways. However, there are two common techniques:
- Pre-click: A malvertising campaign that uses a special script that automatically downloads as soon as the ad loads. The user doesn’t have to click anything; visiting the page containing the ad is enough. This allows an attacker to place malvertising in a landing page, or set up a malvertisement redirect chain to bounce users through several malicious pages.
- Post-click: As it sounds; the user downloads the malware after clicking the malicious ad. Attackers still use malvertising redirects to keep users moving through numerous pages.
Malvertising can carry all kinds of malware types. It can be anything from adware to ransomware, to a piece of code that changes settings on your router. Exploit kits are a common malvertising payload. If successful, an exploit kit can open your system up to other malware types. Botnets, banking Trojans, and cryptojackers are also on the malvertising menu.
What Is the History of Malware?
While Creeper, Brain and Morris are early examples of viruses, they were never malware in the truest sense.
Malware, and the malicious code behind it, is designed specifically to cause damage and problems on computer systems, while those described above found themselves causing issues by accident, although the results were still damaging.
With the birth of the web and the ability to connect to computers around the globe, the early 90s saw internet businesses take off as people looked to provide goods and services using this new technology.
However, as with any other form of new technology, there were those who looked to abuse it for the purposes of making money — or in many cases, just to cause trouble.
In addition to malware being able to spread via discs (both floppy and CD-ROM varieties), the increased proliferation of personal email allowed attackers to spread malware and viruses via email attachments, which has been especially potent against those without any sort of malware protection.
Various forms of malicious software caused trouble for the computer users of the 1990s, performing actions ranging from deleting data and corrupting hard drives, to just annoying victims by playing sounds or putting ridiculous messages on their machines.
Many can now be viewed at the Malware Museum on the Internet Archive. Some of the attacks may have looked simple, but it was these that laid the foundations for malware as we know it today and all the damage it has caused around the world.
How Does It Work?

A small piece of code is hidden deep within a legitimate-looking advertisement, which directs the user’s machine to a compromised server. An exploit kit hosted on that server executes once the user’s device makes a successful connection. The hacker can then install malware using a security bypass created by the exploit kit. Once the malware is successfully installed, it opens a world of opportunity and data to the hacker, who could perform numerous actions such as extracting sensitive or financial information. The worst part of it all: this entire process happens out of sight. The user has no idea their device is infected.
Of course, there are ways to spot malware, and certain things you can look for when you think your device may be infected.
Who Has Been Infected?
Anyone can fall victim to malvertising. In fact, some major companies have been previously infected with malvertising such as Reuters, The Daily Mail, and Huffington Post.
Let’s look at Huffington Post as an example. The attackers used a mix of HTTP and HTTPS redirects to hide the malicious servers in the attack. The analysis was extremely difficult, and the hidden malware was hard to uncover.
Researchers suspected attackers used the NeutrinoEK exploit kit or the Sweet Orange exploit kit, which served Adobe Flash and VB script exploits to then download the malicious executable, known as the Kovter trojan.
In the end, it was confirmed that the company took all necessary steps to clear up the cyber threat.
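The traits described above (a redirect chain that bounces through several hosts, mixes HTTP and HTTPS, and ends in an executable download) can be checked for in web proxy logs. The following is an added example, not code from the original article; the record layout, the `.example` hostnames and the two-trait threshold are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed proxy records for one client (not real traffic).
# Each tuple: (url, status, Location header or None, Content-Type).
SAMPLE_LOG = [
    ("https://ads.example/serve?slot=1", 302, "http://track.example/r?id=7", "text/html"),
    ("http://track.example/r?id=7", 302, "https://cdn.example/go", "text/html"),
    ("https://cdn.example/go", 302, "http://dl.example/flash_update.exe", "text/html"),
    ("http://dl.example/flash_update.exe", 200, None, "application/x-msdownload"),
    ("https://shop.example/promo", 301, "https://shop.example/promo/", "text/html"),
    ("https://shop.example/promo/", 200, None, "text/html"),
]
EXECUTABLE_TYPES = {"application/x-msdownload", "application/octet-stream"}


def build_chains(records):
    """Link each redirect to the logged response for its Location target."""
    by_url = {r[0]: r for r in records}
    targets = {r[2] for r in records if r[2]}
    chains = []
    for rec in records:
        if rec[0] in targets or not rec[2]:
            continue  # start only at a redirect that nothing else points to
        chain, seen = [rec], {rec[0]}
        while chain[-1][2] in by_url and chain[-1][2] not in seen:  # loop guard
            chain.append(by_url[chain[-1][2]])
            seen.add(chain[-1][0])
        chains.append(chain)
    return chains


def chain_reasons(chain):
    """Return which of the traits described in the article this chain shows."""
    parts = [urlsplit(r[0]) for r in chain]
    reasons = []
    if len({p.hostname for p in parts}) >= 3:
        reasons.append("multiple hosts")
    if len({p.scheme for p in parts}) > 1:
        reasons.append("mixed http/https")
    if chain[-1][3] in EXECUTABLE_TYPES:
        reasons.append("ends in executable")
    return reasons


def suspicious_chains(records, min_reasons=2):
    """Return (start_url, reasons) for chains showing at least min_reasons traits."""
    scored = [(c[0][0], chain_reasons(c)) for c in build_chains(records)]
    return [(start, why) for start, why in scored if len(why) >= min_reasons]
```

Calling `suspicious_chains(SAMPLE_LOG)` flags the ad-server chain and leaves the same-site HTTPS redirect alone; any single trait on its own is common in legitimate ad traffic, which is why the threshold requires a combination.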
How Big a Threat Is Malvertising?
Judging the scale of malvertising can be hard. It is silent, and doesn’t come with the other common red-flags we train ourselves to spot.
Advertising is everywhere. Third-party-ad networks sell adverts to big sites like eBay, The Weather Channel, Rotten Tomatoes, and MakeUseOf.
Those sites display the ads in good faith. But if a malvertiser figures out how to insert a malicious ad into a legitimate ad network, there’s a chance it will appear on high-ranking websites before it’s caught.
Ad Networks Used as Malware Distribution Networks
The networks serving advertisements throughout the internet are largely automated, with only peripheral human involvement. This means attackers can take a chance. If successful, their infected ad will sneak through the security systems of an internet advertisement network. Even highly trusted ad networks, like Google’s DoubleClick, have distributed malicious ads.
The automation means a majority of websites are unaware of precisely what will be displayed on their site, removing themselves from the selection process—and further distancing themselves from potentially malicious content.
One tactic for malvertisers to get their ads into trusted networks is by buying ad space for benign ads first. Once a reputation as a legitimate advertiser is established, the malware-laden ads begin. Because they’re under less scrutiny than new advertisers, they have a brief opportunity to slip these malvertisements onto websites.
Just-In-Time Malware Assembly
A newer method of getting malvertisements published is just-in-time malware assembly. This includes innocent-looking components of code in the ads that are downloaded separately to a victim’s computer. They’re then assembled and compiled into the malware payload.
This payload can then run or download additional components to complete the assembly. This is especially difficult to detect.
Malvertising Threat on Mobile
Malvertising is a particular threat to mobile users. How many times have you accidentally tapped an advert on a website while scrolling through? Or clicked an advert in a game as you try to speed through cooldown timers or lockout screens?
A malicious ad doesn’t differentiate between a “proper” click and an accidental click. Smartphone design doesn’t help, either. The screen is great for scrolling, but precise clicking is a different proposition.
Another smartphone issue is a lack of security programs. Many users simply don’t consider their smartphone security in the same manner as a desktop or laptop.
Where Does Malvertising Come From?
Common sense tells us to avoid the sketchier side of the internet. Think about the sites you’d normally consider to host malware or be privy to a malvertising campaign:
- Pornographic sites
- Sites offering other NSFW/NSFL content
- Sites offering Flash games
- Illegal streaming sites
- Sites offering free software/cracks/keygens/warez
- Torrent sites
- Sites using “unreliable” TLDs, hosted in “questionable” countries
- Sites offering coupons, savings, and questionnaires
- Online dating sites
- Betting sites
Unfortunately, you can find malvertising absolutely anywhere. Because of how third-party ad networks operate, infected ads can be spread to a wide variety of otherwise very trustworthy sites at high speed. While there are sites that are more likely than others to infect you with malware, you can be hit at any time with one of these ads.
Malvertising is a stealthy delivery method, too. However, RiskIQ’s research showed that in 2015, the most common form of malvertising was through fake software updates, especially for Adobe’s Flash plugin. They can also be spread through fake virus and malware warnings, though the prevalence of that particular method has decreased.
Tracking Malvertising Campaigns
Back in March 2015, Malwarebytes announced it had tracked a particular campaign as it dynamically traversed various internet outlets, culminating in malicious advertisements seen on:
- MSN.com: 1.3 billion monthly visits
- NYTimes.com: 313.1 million
- BBC.co.uk: 290.6 million
- AOL.com: 218.6 million
- my.xfinity.com: 102.8 million
- NFL.com: 60.7 million
- realtor.com: 51.1 million
- theweathernetwork.com: 43 million
- thehill.com: 31.4 million
- newsweek.com: 9.9 million
The injected malicious ads were designed to deliver the Angler exploit kit. This is known to search for and exploit vulnerabilities in HTML, Silverlight, Flash, JavaScript, Java, and plenty more. Once the Angler EK is installed, it installs a variant of commonly seen ransomware TeslaCrypt or AlphaCrypt. With the potential to infect literally billions of users, the malvertising stakes are constantly rising.
How to Protect Yourself Against Malvertising
It looks like a mammoth task. The malvertisements are seemingly everywhere, but there are a few precautionary steps you can take:
- Disable Flash and Silverlight. Both are frequent targets for attackers, and both frequently contain security vulnerabilities.
- Use script management add-ons. As most ads and scripts are automatically implemented, you can use a script blocking browser extension to control your web content.
- Use and update your antivirus. This will catch more things than it misses.
- Consider upgrading. Malwarebytes Premium is a worthwhile investment alongside a free antivirus suite. I use Windows Defender and Malwarebytes Premium for a more secure system.
Until there is a monumental shift in how the internet is funded, ads will continue to be served as part of our day-to-day browsing. Massive ad-networks aren’t going to disappear unless there is a viable alternative, inclusive of those existing advertising behemoths. They certainly won’t want to relinquish their profits.
And while each of the major ad-networks will be actively addressing the malvertising menace, there is still a major emphasis on self-protection.
Conclusion
Malvertising is not going to stop in the future, as it is one of the easiest ways for cybercriminals to mount major attacks. It is up to users and website developers to protect themselves from these attacks. It is important to adopt safety measures such as improved browsing habits, not trusting every ad, and visiting a website directly instead of clicking on the offers and discounts displayed in ads.