    What Is Malvertising?

    Malvertising

    Malvertising, also known as malicious advertising, is a common technique used by cybercriminals to initiate their attack campaigns against end users. 

    In this type of attack, the criminals inject malicious code into genuine online advertising networks.

    When a visitor views the advertisement, the malvertisement tries to download malware directly to the visitor's system or takes the visitor to websites that distribute viruses.

    The user can be attacked simply by visiting a site that hosts malicious ads. 

    The online advertising network involves a complex chain of ad servers, ad exchanges, publisher sites, content delivery networks, and redirection networks.

    Perpetrators exploit this complexity by placing malicious content at points within the advertising ecosystem from which it can redirect users.

    Some of the renowned websites that have fallen prey to malvertising include The New York Times, The Atlantic, Spotify, and The London Stock Exchange. 

    Is It The Same As Ad Malware?

    It is easy to confuse malvertising with ad malware (adware). Here are some notable differences between them:

    • Malicious advertising involves placing malicious code on the ad network. When clicked, it redirects the user to a malicious website. Adware runs on the user’s computer and is mostly hidden inside a package that also contains legitimate software. If your device has adware, you’ll get unwanted ads and random redirects. The adware can also mine your browsing data to serve you targeted ads
    • Malvertising infects only those users who view the infected page. Once adware enters the system, it operates continuously in the background
    • Malvertising is a pathway to making money; it doesn’t make money for the attackers by itself. Adware makes money for the attackers immediately, as advertisers pay them whenever an ad is displayed to a user

    How Malvertisements Work

    The user can fall victim to malicious advertising by clicking on an infected ad or by just visiting the infected page. 

    Cybercriminals launch malvertising attacks by buying ad space and then submitting infected images that carry malicious code.

    For Web Users

    A malvertisement infects users when they click on the ad or just view it.

    When the user only views the malvertisement without clicking it:

    • A "drive-by download" (malware or adware) is installed on the computer. This is due to browser vulnerabilities
    • The user will be forcefully redirected to a malicious website
    • There will be displays of unwanted advertising, pop-ups, and other malicious content that aren’t served by the ad network

    When users click on the malicious ad:

    • The threat executes the code that installs the malware on the user’s system
    • The malware redirects the user to the malicious website instead of the ad’s content
    • The user gets redirected to a malicious website which is very similar to the real website. This fake website is operated by the attacker

    For Publishers

    Malvertising infects publishers’ sites without their knowledge.

    Sites almost always sell their media through programmatic or third-party demand partners, so it has become difficult to control the ads that are served.

    The hackers target specific sites and companies and then insert malware through the server. 

    Although publishers are quite aware of such problems, it’s extremely difficult to test all of the ads before showing them to the users.

    How To Combat Malvertising

    Malicious advertising prevention should be a huge priority for advertising channels and organizations. 

    They should take a strong stance to protect against such instances.

    End users can help mitigate malvertising by doing the following:

    • Install anti-virus software and ad blockers that can protect against malicious code that is executed by malicious advertising
    • The use of Flash and Java should be avoided as these are easily exploited
    • Regularly updating browsers and plugins helps to prevent attacks

    Publishers can help prevent malvertising by doing the following:

    • Publishers should inquire about all the ad delivery paths and take preventive measures for increased security
    • Publishers should scan the creative components of the ad copies for malware or similar code and should only allow ads of specific file types. They should disapprove ads running on JavaScript
    • Some of these threats can be prevented by using Imperva’s Web Application Firewall (WAF) which helps to block the execution of the malicious code
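
    The creative scan and file-type restriction described above can be enforced on content rather than on file names. The following is an added example, not code from this article or from any ad platform: it accepts only PNG creatives, walks the chunk structure, and reports data hidden after the image ends or script-like text in metadata. The marker list and the sample images are constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
TEXT_CHUNKS = {b"tEXt", b"iTXt"}  # compressed text (zTXt) is not decoded here
# Assumed marker list for illustration; a production scanner needs a fuller set.
SCRIPT_MARKERS = (b"<script", b"javascript:", b"eval(")

def vet_png_creative(data: bytes) -> list:
    """Return findings for one uploaded creative; an empty list means it passes."""
    if not data.startswith(PNG_SIG):
        return ["rejected: not a PNG by magic bytes"]
    findings, pos, seen_iend = [], len(PNG_SIG), False
    while pos + 12 <= len(data):
        # Chunk layout: 4-byte length, 4-byte type, body, 4-byte CRC.
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            findings.append("truncated chunk")
            break
        body = data[pos + 8:end - 4]
        (crc,) = struct.unpack(">I", data[end - 4:end])
        if zlib.crc32(ctype + body) != crc:
            findings.append("bad CRC in chunk " + ctype.decode("latin-1"))
        if ctype in TEXT_CHUNKS and any(m in body.lower() for m in SCRIPT_MARKERS):
            findings.append("script-like text in " + ctype.decode("latin-1"))
        pos = end
        if ctype == b"IEND":
            seen_iend = True
            break
    if not seen_iend:
        findings.append("no IEND chunk")
    elif pos < len(data):
        # Anything after IEND is ignored by image decoders, so it is a hiding place.
        findings.append("%d bytes appended after IEND" % (len(data) - pos))
    return findings

def _chunk(ctype: bytes, body: bytes) -> bytes:
    crc = zlib.crc32(ctype + body)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

# Constructed samples: a 1x1 grayscale PNG and two tampered variants of it.
_IHDR = _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
_IDAT = _chunk(b"IDAT", zlib.compress(b"\x00\x00"))
_IEND = _chunk(b"IEND", b"")
CLEAN = PNG_SIG + _IHDR + _IDAT + _IEND
APPENDED = CLEAN + b"<script>/* constructed */</script>"
COMMENTED = PNG_SIG + _IHDR + _chunk(b"tEXt", b"Comment\x00<SCRIPT>x</SCRIPT>") + _IDAT + _IEND
```

    A creative that passes this structural check still needs a malware scan; the check only removes the cheapest hiding places and enforces the type allowlist by content.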

    How Is Malware Placed Inside the Ads?

    There are several mechanisms used by the attackers to insert malicious code into ads:

    • Malware in ad’s calls to action: When the user clicks on a page that contains an ad, the ad exchange pushes the user through third parties. These third-party pages can be compromised by an attacker, which leads to malicious code being added to the ad payload
    • Injected post-click: When users click on the ad, they are taken through several URLs that end with the ad landing page. Any of these URLs can execute malicious code
    • Placed within the ad creative: Several sites contain text or banner ads, which can be images or JavaScript. These can contain malicious code
    • Hidden in the pixel: Pixels are generally embedded in the code of an ad call-to-action or of the landing page. They send data to the server for tracking. Malicious code can intercept the pixel's delivery path
    • Within the video: Video players aren’t protected against malware, because they use a format called VAST that can contain pixels from third parties
    • Within the Flash video: Flash-based videos can easily download malware even if the user doesn’t click on the site, since Flash sites load a pre-roll banner which can be infected by the attackers
    • On the landing page: There can be many clickable elements on a landing page that can execute malicious code
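
    Because a VAST document can pull in pixels and media from third parties, a publisher can audit each video ad response before it reaches the player. The following is an added example, not code from this article: it lists every URL-bearing VAST element and flags hosts outside a vetted set, plain-HTTP pixels, and script media files. The allowlist hosts and the sample response are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Assumed policy: hosts the publisher has vetted (hypothetical names).
ALLOWED_HOSTS = {"ads.example-network.test", "cdn.example-network.test"}
URL_TAGS = {"Impression", "Tracking", "ClickThrough", "ClickTracking",
            "MediaFile", "VASTAdTagURI", "Error"}

def audit_vast(xml_text: str) -> list:
    """Return (element, host, reason) findings for one VAST response."""
    # Refuse DTDs and entities up front: the stdlib parser is not hardened.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return [("document", "", "DTD or entity declaration")]
    findings = []
    for el in ET.fromstring(xml_text.strip()).iter():
        url = (el.text or "").strip()
        if el.tag not in URL_TAGS or not url:
            continue
        parts = urlsplit(url)
        host = parts.hostname or ""
        if parts.scheme != "https":
            findings.append((el.tag, host, "not https"))
        if host not in ALLOWED_HOSTS:
            findings.append((el.tag, host, "host not on allowlist"))
        # A MediaFile that is JavaScript runs code in the player, not video.
        if el.tag == "MediaFile" and (
                el.get("apiFramework") or "javascript" in el.get("type", "")):
            findings.append((el.tag, host, "script media file"))
    return findings

# Constructed sample response, for illustration only.
SAMPLE_VAST = """
<VAST version="3.0"><Ad id="1"><InLine>
 <Impression><![CDATA[https://ads.example-network.test/imp]]></Impression>
 <Creatives><Creative><Linear>
  <TrackingEvents>
   <Tracking event="start"><![CDATA[http://px.unvetted-tracker.test/p.gif]]></Tracking>
  </TrackingEvents>
  <MediaFiles>
   <MediaFile type="video/mp4"><![CDATA[https://cdn.example-network.test/a.mp4]]></MediaFile>
   <MediaFile type="application/javascript" apiFramework="VPAID"><![CDATA[https://cdn.example-network.test/unit.js]]></MediaFile>
  </MediaFiles>
 </Linear></Creative></Creatives>
</InLine></Ad></VAST>
"""
```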

    Bottom Line

    Security researchers should be advised to install antivirus tools and keep all the software updated including the operating system, browsers, Adobe Flash, and Java. 

    Malicious advertising will continue to be a problem, thus organizations and end-users should learn to identify these malvertising attacks. 

    The risk of this threat can be minimized through education and vigilance, which ultimately is what will keep your data safe and intact.