What Is Malvertising?
Malvertising is short for malicious advertising, and is defined as using online advertising to spread malware. Malvertising involves placing malware-laden advertisements on legitimate web pages, through authentic online advertising networks, in order to infect a web browser and device. Often, it’s very difficult to distinguish between legitimate and malicious online ads.
How It Works
This type of cybercrime occurs when web publishers unknowingly allow what appears to be a legitimate ad to be placed on one of their webpages. In reality, the advertisement contains malware embedded deep inside its code. Once a site visitor clicks on the ad, their computer becomes infected. Sometimes ads come in “alert” form, such as a warning that there is a malware infection, using scare tactics and social engineering to get the user to act quickly. Users will NEVER receive a legitimate warning via an ad through their browser about malware infections. Those alerts only come from a comprehensive Internet security program.
Another way that malvertising infects a computer is simply by the user loading the infected page, which is also known as a drive-by download. Drive-by downloads can be installed on your computer simply by looking at a spam email, browsing a compromised website or via a malicious pop-up window. The ad is full of links that make browsers acquire software from harmful websites and pages via known security holes in unpatched web browsers. That's what makes it scary: it all happens hidden behind the scenes.
How Do I Protect Myself?
Protection from malicious ads requires doing obvious things such as not clicking on “shady-looking” advertisements, no matter what they say or promise. If you have to, click only on advertisements for things you want to buy; however, it’s usually best to go straight to the source, be it a website or brick-and-mortar store. Additional protection tips include:
- A good, comprehensive Internet security suite such as Norton Security can prevent known malvertisements and drive-by downloads, and warn you when you try to visit a malicious website.
- The best thing you can do to protect yourself is to keep your computer’s software up to date, most importantly your operating system and browser. Oftentimes, hackers exploit known security problems in software before manufacturers can patch them. Updating your software prevents you from being low-hanging fruit.
- Be suspicious of misleading pop-up ads with messages stating there is a virus on your computer, or another kind of error message relating to your computer.
- Don’t open emails that seem suspicious or “spammy,” especially if they contain attachments, or are from unknown senders.
- If you get a link in an email, a best practice would be to visit the main website by typing the address into your browser manually.
- If you’re the least bit suspicious about a URL, use Norton Safe Web to check it out.
Remember, be smart, and when in doubt, do not click on that ad!