What is Malvertising?
Advertisements are a part of the modern way of life. Companies are pushing their products to potential consumers in every way possible. The Internet is not an exception. Online advertisements have been both beneficial and annoying since its inception. It has taken different forms such as banner ads, pop-ups, animation, video ads, and others. Due to its pervasiveness, it is becoming a perfect tool for hackers to spread threats across a large group of possible victims.
What is Malvertising?
Malvertising, also known as malicious advertising, is the use of popular advertising media on the Internet to spread malware. It typically involves injecting malicious scripts into legitimate advertising networks and pages. Hackers inject unwanted malicious code into ads. They can then pay legitimate ad networks or websites to display their ads.
The malicious script has an enormous potential of being spread by using ads as a medium of delivery. Moreover, users tend to trust ads specifically of brands that they know. Advertisements are also quite useful in generating clicks from users.
More often than not, websites and advertising networks online do not know if the ads they are carrying contain any malware. Very few examine the ad that goes on each page. In fact, it is impractical to check every ad that loads every time a user visits a web page. Due to this, it is difficult to fight malvertising head on.
How Malvertising Works?
Malicious entities would often hide small pieces of code within a legitimate looking websites. The codes, or rootkits, aim to redirect a user to malicious websites, persuade the user to download malware or connect to the hacker's server. An exploit kit determines vulnerabilities and security holes in your system. It will send this information to the server where the hacker can evaluate and execute a specific command to further exploit your computer.
Furthermore, in cases when the hacker can install additional malware on your computer, it can inflict further damages. It can allow full access to your computer, monitor and gather financial and sensitive information, and even lock your system for a ransom. Others may add your system to their botnet which forces your computer to perform malicious actions such as attacking another system.
There are many vulnerabilities which these entities can exploit. Adobe Flash, Oracle Java, and Microsoft Silverlight are the most common targets. It is effortless to target these software vulnerabilities if they are not updated. Moreover, older operating systems and those which are not updated yet are also in danger.
Types of Malvertising Infection
There are different ways that a malvertisement infects your system. However, the two most common techniques are pre-click and post-click malware. It is a common misconception that infection only begins when a user clicks on the advertisement.
Pre-click malware is usually embedded in the main scripts of the ad or through drive-by downloads. This type of malware can load into your system even without clicking the ad. When a webpage loads, it may load the script for the ad which contains the malicious code. The user is typically unaware of this. Once the script enters in your computer, it can proceed to execute its goal.
Post-click malware activates when a user clicks on the ad itself. Hackers embed it in the ad itself just like pre-click scripts. Typically, it redirects the user to a malicious website instead of the legitimate destination. From there, it can trick the user from downloading more potent malware.
Take note that the owners of websites and ad networks usually have no idea if an ad is infected or not. As mentioned above, it is practically impossible to check each ad as it loads on the page. Moreover, advertisements are one of the primary revenue sources for most websites and online services. Sites often operate on a complaint-based system. They can only act if users complain about a specific ad with a detailed account of what happened.
Recent Cases of Malvertisement Infection
One of the early manifestations of malvertisement was the proliferation of the Bahama botnet. A large part of the click fraud scam took place on smaller websites. However, the online magazine The NY Times was found to be serving an advertisement which is infected by the fraud. The suspect paid a legitimate ad space for the weekend of September 11 to 14. The legitimate ads were redirecting users to a virus alert malvertisement which tricked users into downloading software.
A more recent version was a campaign by the Kovter Group in 2017. It distributed the ad fraud malware called Kovter. It targeted potential victims across the US, Canada, the UK, and Australia. The Kovter malware showed different variations on fraudulent browser update. It fooled customers into clicking the ad and downloading the malware. The attack has been active for about a year before it was shut down.
Browser-based Cryptocurrency Mining
Cryptocurrency mining is not new. It dates back as early as 2011 when mining was still relatively easy. Back then, it was still possible to conduct mining with personal computers. Both file-based and browser-based cryptocurrency mining require processing power and electricity.
Eventually, cryptocurrency became popular, specifically Bitcoin. File-based mining methods produce Bitcoin. However, in its current state, it is quite expensive to mine Bitcoin due to its requirement in processing power and hardware. The most efficient to own cryptocurrency is to participate in purchasing and exchange.
Beyond Bitcoin, there are multiple types of cryptocurrencies such as Etherium, Dash, and Litecoin. The public began noticing cryptocurrency as its prices rise. Browser-based mining is problematic, unlike the more famous file-based mining. Websites use its visitors' computers to mine cryptocurrency using scripts embedded in its web pages. Users are typically unaware that their computers are running intensive process scripts. In 2015, the New Jersey Division of Consumer Affairs decided that it is unlawful to access to "a person’s computer processing power."
Unfortunately, experts are beginning to discover hidden scripts in ads which illegally runs mining processes without the knowledge of the users. While it is a legitimate alternative to ads as a source of revenue, users are usually unaware that scripts are running. It typically affects their browsing experience. The scripts would often use the Coinhive service which mines the cryptocurrency Monero.
YouTube was recently caught running ads which use visitor's CPU's to mine cryptocurrency. Pirate Bay, the popular torrent website, was also known to run browser-mining scripts which significantly slows down the users' computers.
How to Protect yourself against Malvertising?
The ability of the malware to spread rapidly and its medium of proliferation makes it very difficult to combat directly. Moreover, most websites and ad networks are unaware of the nature of the ads loading in their pages. On the other hand, users are also susceptible to persuasive ads especially deals and other discounts. However, there are a couple of things that you can do to lessen the possibility of seeing a malvertisement. Here are some:
The browser is the center of most online activities of any user. As such, it is only as secure as the user makes it. One of the things that you can do is ensure that your browser is up-to-date. The regular Windows operating system update typically includes new versions of Internet Explorer and Microsoft Edge. That means the user does not need to update these browsers manually.
For Google Chrome users, click the triple-dot menu in the upper right corner of the browser. Hover over Help, then click About Google Chrome on the submenu.
A new tab will open. It should confirm if your Google Chrome is up-to-date or if you need to update.
For Firefox users, click the hamburger menu icon in the upper right corner of the browser. Click Help. Then, click About Firefox on the submenu.
A small pop-up window should appear. Just like Google Chrome, this will notify you if your browser is up-to-date or not.
Disable Java and Flash
The most common targets of attacks are Java and Adobe Flash. Due to this, most websites opt-out of using the technologies in their pages. Unless you have specific tools and websites which require Jave or Flash, it is best to disable them.
- internet explorer
For Chrome users, open a new tab and type chrome://settings/content/flash in the address bar. Under Flash, turn off the switch from Ask first (recommended) to Block sites from running Flash.
For Firefox users, click the hamburger menu icon then select Add-ons. Go to the Plugins tab. Find Shockwave Flash then select Never Activate from the drop-down menu.
Internet Explorer users can disable Flash by clicking on the Settings gear icon on the top right corner. Click Manage Add-ons. Then, select Toolbars and Extensions on the left side. On the right side, find Shockwave Flash Object. Right-click on it then select Disable.
For Microsoft Edge users, click the triple-dot menu in the top right corner. Select Settings. Then, scroll down and select View advanced settings. Turn off the option under Use Adobe Flash Player.
To disable Java, you can follow the steps in this article.
Install Ad Blockers
Ad blockers are amazing add-ons which protect you from most ads. These plugins are helpful in minimizing annoying ads and preventing them from loading and gathering information from your system.
On such plugin is the AdBlock Plus. You can find it in most major browsers in their add-on marketplaces. It blocks banners, tracking, pop-ups, and more importantly, malware. It aims a balance in advertising by allowing nonintrusive ads. Also, it is free of cost.
Another helpful plugin is Ghostery. Its goal is to declutter your browsing experience by minimizing ads and protect your privacy by blocking tracking technologies. It prevents any suspicious scripts even before they load. Additionally, it shows detailed reports on what trackers and scripts it stops on every page.
Install an Anti-Malware
The most critical step to ensure security is to install an anti-malware on your system. Excellent tools, such as MalwareFox, not only protect your from malvertisements, but also add a layer of overall protection for your machine. MalwareFox cleans up your browser by removing unnecessary extensions and plugins. Its real-time protection detects threats before it installs itself on your computer.
Also, you can set-up a regular scan of your machine to ensure a clean and healthy system. It will catch any malware programs that manage to infiltrate your computer. MalwareFox also analyzes any questionable file behavior and promptly blocks any applications that function like a malware.
Malicious entities use ingenious methods, such as malvertising, to help spread their malware faster. While you cannot completely get rid of ads and the associated risks, you can lessen the possibility of infection by following the steps above. Combined with a healthy and clean browsing habit, you won't need to worry too much about any threats.