One form of attack that is fairly well known but
unfortunately often overlooked is actually fairly passive, until you engage it
of course. Malicious advertising, also known as “Malvertising,” seeks to trick
users into clicking interesting ads and accidentally allow bad websites to
download malware or spyware onto your system.
Although Malvertising is fairly well known, and many people are
cautious of clicking on just any link, the fact of the matter is that these
attacks still often succeed as they prey on people’s curiosity and
carelessness. Earlier this year, Forbes had an issue where their website was infiltrated by malicious ads, and Astria’s customers have also encountered bad
ads on good websites as recent as last week. So we thought it would be wise to discuss the
Malvertising issue further on Astria Horizon, to educate readers on things to
be aware of.
Malvertising attacks work in a couple different ways, but
one common tactic employed is creating catchy or interesting titles
to draw people in. Some of them are obvious to avoid, offering unrealistic
credit card offers or claiming your system is already infected with viruses.
But some are more subtle, preying on users being curious or genuinely interested
in the topic of discussion.
These generally ads target
individuals that are not aware of the dangers online. One such ad
encountered by Astria in recent weeks offered a slideshow of photographs of
WWII Aircraft, likely targeting older veterans with less online experience.
Young people could be targeted by surprising news about their favorite
celebrities, and other ads can be similarly targeted towards other people. Some
ads even try and blend in with other news or articles on websites in hopes of
users clicking them thinking they are a genuine part of a trusted website.
Once on the bad website, the attackers will try and trick
you into downloading and running malicious software. They could claim you need
a flash player update to view the promised images, or try and scare you into
accidentally downloading malware by claiming your system encountered critical
errors and needs to be repaired. However the ploy goes, once you download and
install a bad file, your system will be infected. TrendMicro has a useful infographic showing how malicious ads can gain a foothold that helps in visualizing these attacks.
It’s important to be aware of these tactics and the tricks
that Malvertisers use, because the more aware you are of them, the better you
can recognize their traps and avoid them. In general, remember that ads that
make promises that are too-good-to-be-true, usually are. And if pages claim you
need to update Java or Flash to use them, update them directly from Adobe or
Oracle. It is best to avoid downloads for these programs except from their
publishers.
The biggest aid in your defense against Malvertising is
really an air of caution. Weigh the risks: Is it worth finding out the latest
in celebrity gossip if it could mean rebuilding your computer? Consider these
things when you encounter suspicious ads and you’ll be much better off in the
long run. There are other, genuine sources for news and articles that interest
you, and it is better to find it there.
Astria Business Solutions also has tools to help prevent
Malvertising from attacking your system, and knows how to deal with infections
if they should occur. For more information on our services, visit our website
at AstriaBiz.com, or you can contact us here.
No comments:
Post a Comment