Oxford Dictionary defines malvertising as ‘the practice of incorporating malware in online advertisements.’ Short for malicious software, or malware advertising, this is the practice of attacking viewers or consumers with fraudulent information that is inserted into sometimes (but not always) legitimate advertisements.
Malvertising works in conjunction with the online advertising ecosystem by initiating multiple redirects after the user clicks or views an infected advertisement. This is done by cyber criminals hiding a small bit of code within legitimate advertising content. This can be integrated into ad servers, publishing servers, or other platforms that work together to display online ads. For example, the New York Times publishes content from its writers as well as content that is in partnership with businesses that have hired ad agencies to provide digital ads. This means that there are multiple moving parts that work together to provide the ad interface and content for readers to access the ads. Along with other legitimate sites like the BBC, The Onion, The London Stock Exchange, and many other websites, they have been injected with malicious ads that led to readers being hijacked and redirected to sites demanding a ransom to unlock their computers.
Because of the vulnerabilities of some browsers, the installation of the malware can happen simply by viewing the advertisement. Malvertising isn’t the actual virus, but it can lead to the deployment of one. It is threatening because it isn’t always detected right away – or ever – and it doesn’t require action by the reader or viewer to be deployed and dangerous.
Malvertising is not the same as ad malware or adware. Adware (short for advertising-supported software) is installed usually without knowledge from the user. This can include pop-up ads that are automatically and repeatedly displayed without the ability to stop or control them by the user.
AllSafe IT recommends the following best practices:
AllSafe IT is proud to have spent over 15 years providing IT services to hundreds of companies in many different sectors. Our specialized services are uniquely tailored to provide our customers with the reliability, protection, and fast services needed to ensure 100% uptime and maximized data security. From comprehensive and preventative cybersecurity strategies to 24/7 customer support, AllSafe IT understands the unique needs of your business.