RESEARCH BLOG

Malvertising: Taking annoying ads to the next level


Advertising has always been a necessary part of entertainment. You may just want to read that article posted online without interruption, but someone has to pay the writer's salary; if you aren't doing it then an advertiser has to. However, a technique being used by hackers to infect computers is turning this model on its head. 

Malvertising is a term for hiding malware within advertising on legitimate sites, thereby lulling users into a false sense of security right before their machines get compromised. It's a hard-hitting form of hacking that can lead to the breaching of private information, which is why users should do everything they can to avoid becoming a target. 


No site is safe

Until recently, the best way to stay safe online was to avoid less-than-reputable websites. Big, recognizable names were considered secure, as these companies had the money to keep hackers at bay. However, as a recent malvertising campaign aimed at viewers of Forbes content showed, size doesn't really matter if hackers know how to play the system.

In a move to boost advertising numbers on its site, the company recently decided to force people using ad blockers to turn these applications off when viewing Forbes content, according to Network World. While this certainly boosted views of ads on the site, it also allowed hackers to deliver malware-laced pop-up ads to anyone viewing the annual "Forbes 30 under 30" article. 

Although this ironic twist of fate has hurt Forbes's reputation within the cybersecurity community, the company isn't entirely to blame here. While ad blockers certainly help fight the risk of infection from certain malvertising campaigns, How-To Geek contributor Chris Hoffman explained that this software doesn't stop every threat.

According to Hoffman, something as simple as forgetting to patch outdated pieces of software could allow hackers an easy way into your computer. Hackers generally go through third-party ad providers to release their malvertising, which is why it doesn't really matter how reputable the original site is. Once a vulnerability has been established, a Flash object can be used to compromise your machine. Most computers automatically play Flash files, which allows cybercriminals to bypass the human element and infect your computer more efficiently. 


What can the average user do?

Even though they aren't perfect, applications like Adblock Plus still work to fend off certain malvertising campaigns while also giving you an ad-free experience across the Web. Another action users can take is to enable Click-to-Play in their browsers, which allows users to choose which Flash plug-ins they want to view and which they want to leave alone. This lets the user take control of what's being downloaded by their computer, thereby decreasing the risk of automatically getting compromised by malvertising.

Finally, those wishing to defend their computers should look into cybersecurity software designed to ward off malware. This technology is meant to be a last line of defense against malicious campaigns like malware, and could very well save you from the headache of dealing with malvertising.