Malvertising! The overlooked risks in Malicious Ads.

One form of attack that is fairly well known but unfortunately often overlooked is actually fairly passive, until you engage it of course. Malicious advertising, also known as “Malvertising,” seeks to trick users into clicking interesting ads and accidentally allow bad websites to download malware or spyware onto your system.

Although Malvertising is fairly well known, and many people are cautious of clicking on just any link, the fact of the matter is that these attacks still often succeed as they prey on people’s curiosity and carelessness. Earlier this year, Forbes had an issue where their website was infiltrated by malicious ads, and Astria’s customers have also encountered bad ads on good websites as recent as last week. So we thought it would be wise to discuss the Malvertising issue further on Astria Horizon, to educate readers on things to be aware of.

Malvertising attacks work in a couple different ways, but one common tactic employed is creating catchy or interesting titles to draw people in. Some of them are obvious to avoid, offering unrealistic credit card offers or claiming your system is already infected with viruses. But some are more subtle, preying on users being curious or genuinely interested in the topic of discussion.

These generally ads target individuals that are not aware of the dangers online. One such ad encountered by Astria in recent weeks offered a slideshow of photographs of WWII Aircraft, likely targeting older veterans with less online experience. Young people could be targeted by surprising news about their favorite celebrities, and other ads can be similarly targeted towards other people. Some ads even try and blend in with other news or articles on websites in hopes of users clicking them thinking they are a genuine part of a trusted website.

Once on the bad website, the attackers will try and trick you into downloading and running malicious software. They could claim you need a flash player update to view the promised images, or try and scare you into accidentally downloading malware by claiming your system encountered critical errors and needs to be repaired. However the ploy goes, once you download and install a bad file, your system will be infected. TrendMicro has a useful infographic showing how malicious ads can gain a foothold that helps in visualizing these attacks.

It’s important to be aware of these tactics and the tricks that Malvertisers use, because the more aware you are of them, the better you can recognize their traps and avoid them. In general, remember that ads that make promises that are too-good-to-be-true, usually are. And if pages claim you need to update Java or Flash to use them, update them directly from Adobe or Oracle. It is best to avoid downloads for these programs except from their publishers.

The biggest aid in your defense against Malvertising is really an air of caution. Weigh the risks: Is it worth finding out the latest in celebrity gossip if it could mean rebuilding your computer? Consider these things when you encounter suspicious ads and you’ll be much better off in the long run. There are other, genuine sources for news and articles that interest you, and it is better to find it there.

Astria Business Solutions also has tools to help prevent Malvertising from attacking your system, and knows how to deal with infections if they should occur. For more information on our services, visit our website at AstriaBiz.com, or you can contact us here.