We all do our best to avoid advertisements in general, but with the evolution in online advertising, so comes the various ways hackers can use them to exploit our computers and the networks the reside on. With a recent rise in ‘malvertisements’ we’re forced once again to maintain vigilance in yet another area of possible compromise.
What are malvertisements exactly?
Plain and simple, it is when criminals inject malware or scareware into online advertisements. These malvertisements might be, for example, Flash files that make use of exploits, or use scare tactics that “warn” users about viruses that are on their computer and urge people to click on the link to install fake anti-virus software.
Don’t think they exist on websites you frequent?
These advertising networks have a broader reach across the internet than you might imagine. Malvertisements are considered grave threats, especially since much like website compromises, attacks related to these usually involve trusted sites that users already typically visit without risk of system infection. Even the New York Times’ web site was hit with one of these fake advertisements. Earlier this year, researchers also found malicious ads being displayed in a Web-based email service, directing users to URLs serving PDF exploits.
But it gets worse, you could be doing everything right and still end up infected. You do all the right things and take all the right precautions right?
You might keep your anti-virus software up to date, always install the latest patches, avoid sketchy programs and web sites, and not fall for any phish…..and still end up with malware.
One of the more popular variations of malvertisements actually takes advantage of your diligence in maintaining your security efforts. Fake virus scans have been a growing tactic to convince people to install malware onto their own computers. This kind of malware is growing in sophistication, and is causing damage to legitimate anti-virus vendors too by reducing people’s trust. Admittedly, it’s a good strategy for the bad guys to take.
When looking at viable options for protecting against malicious efforts such as these, it’s important to utilize a security product with a strong Web reputation technology that can help determine bad links from good ones because let’s be honest….your standard anti-virus software can’t compete nowadays.
Let me know if I can help assess your current security strategy…
Rick Mark
rmark@singerlewak.com
