Cybercriminals were recently caught making approximate $25,000 a day, through malware infected ads that they threw at un-suspecting users through popular sites like Yahoo, and others. This malvertising campaign that was on run for over two months, would have continued to prosper, if it wasn’t brought to limelight by some security researchers. Malvertising, initially not much thought of, is increasingly becoming a rising security threat-one that needs to be dealt with persistently and swiftly.

What is Malvertising?

Malicious advertising, more popularly known as Malvertising, refers to any online advertising network, which is infected by malware infested advertising, camouflaged with legitimate advertising. These online advertising channels are used by cybercriminals to introduce malware into computers, by embedding the legitimate ads with malicious codes on popular and trusted websites.

The fact that these online ads can be inserted into websites that are reputed and trusted by users, helps the cybercrooks in getting an opportunity to facilitate and push their attacks to internet users who otherwise might not have been exposed to these ads due to various safety precautions they might be taking. Malvertising, with little effort, is able to affect more people, hence is a lucrative choice of attack for hackers.

Another advantage that hackers have from using Malvertising as their method of attack is that it spreads malware into the system without much action required from the target’s end. It does not require the target to click on the infected ad, or creep in through the existing vulnerabilities of the system. Malwares from infected ads can silently creep into the affected system, without any other addition vector needed.

Malvertising rocks the world

In 2012, approximately 10 bn ad impressions were compromised by malvertising. This number has since only grown, and the ease with which Malware infected ads can infect even the most cautious users, has added to this.

In January 2014, Yahoo’s advertising servers were compromised to deliver malware to Yahoo site visitors. Fox IT discovered this incident and also reported that in January, 2014, some 300,000 users were exposed to infected ads with some 9% estimated to have been affected.

A news in September, 2014, reported that If you were the visitor to any of the following websites, amazon.com, yahoo.com, youtube.com and some 74 more odd domains, then you may have fallen a prey to the “Kyle and Stan” Malvertising Network that is responsible for distributing sophisticated, mutating malware for Windows and Macs.

In October 2014, it was reported by some security researchers that cybercriminals were caught making approximate $25,000 a day, through malware infected ads.

In the data overload world we live in today, it’s extremely easy to find information about new discounts and offers, without even looking for them. The ads are bombarded at you through the advertisements that you visit off and on, but when you visit these sites, you get more than what you bargained for. It’s essential that you understand the steps that are needed to protect you from this malware infection.

How to protect from Malvertising?

  1. Some basics involve not clicking on pop-ups claiming you are the nth visitor and have won an iPad/iPhone/anything else that appeals to you. It’s very tempting to click on them, but trust me, the only thing you win is the “must be avoided” attention of some very dangerous malwares.  
  2. Update your softwares periodically. Have the latest patches and updates not only for your OS but also for software and Internet browsers. All reputed and trusted softwares (we hope you use only the trusted ones, and if you don’t, well, then you must!) come up with security updates regularly, and inform you of the same. Do not ignore them.
  3. Take help from the experts.There are many internet security softwares that scan and detect malicious ads, trace their source, and provide immediate alerts. Some malware protection solutions also identify zero day malvertising on a daily basis.
  4. Weekends, festivals, shopping seasons- be more cautious of malvertising campaigns during these.
  5. For enterprises: Malvertising affects your business as well as reputation. If you are accepting advertising, you need to be more cautious of this. Enterprises should invest in a good security solution which protects their online environment from malware infected ads.
Founder & Chief Marketing Officer, Indusface

Venky has played multiple roles within Indusface for the past 6 years. Prior to this, as the CTO @indusface, Venky built the product/service offering and technology team from scratch, and grew it from ideation to getting initial customers with a proven/validated business model poised for scale. Before joining Indusface, Venky had 10+ years of experience in security industry and had held various mgmt/leadership roles in Product Development, Professional Services and Sales @Entrust.