“Malvertising” is a portmanteau of “malicious advertising,” which is the practice of using online ads to infect computers with various types of malware. Malware is defined as “a short for malicious software and refers to software programs designed to damage or do other unwanted actions on a computer system,” as defined by TechTerms. The most important thing is that it can do a lot of damage to unsuspecting users.
A drive-by malware attack, better known as a malvertising attack, can work in a variety of ways, but there are two widespread methods:
1. Pre-click: A campaign that uses a special script that automatically downloads as soon as the ad loads. The user doesn’t have to click anything and does not have a clue, as visiting the page containing the ad is enough. This allows an attacker to place malvertising in a landing page, or set up a malvertisement redirect chain to bounce users through several malicious pages.
2. Post-click: In this case, the user downloads the malware, after clicking the malicious ad that does not seem to differ from the legitimate ads. Attackers use malvertising redirects to keep users moving through more pages.
Malvertising can carry all kinds of malware types. It can be anything from the adware (free software supported by advertisements, sometimes used as spyware) to ransomware (a type of malware that blocks the access to your files until you pay a ransom) or to a piece of code that changes settings on your router. If exploit kits, which are programs that collect and manage multiple exploits are successful, they can open your system up to other malware types. Botnets (a group of computers infected with malicious software), banking Trojans (programs that pretend to be regular programs) and crypto jackers (the malicious use of a computer, which is infected to mine cryptocurrencies, without its owner’s consent) are also serious forms of malware.
Although it would be difficult to evaluate the impact of malvertising, during 2014-2016, security search companies reported millions of malicious advertisements over the web.
But, by now, you already know that Ad Guardian Plus means no more malvertising!
2 Comments