So what is malvertising? Can you tell the difference between the two ads below?
Advertisement A Advertisement B
They may appear to be identical, but actually, they are far from it. Advertisement A is a perfectly legitimate ad, while Advertisement B contains malware.
Advertisement B is an example of malvertising, or malicious advertising. Malvertising is a hack cybercriminals use to spread malware via online advertisements. As you can see, malvertisements are deceiving and the damage can go beyond your website by infecting your computer with malware.
Cybercriminals use malicious advertisements to hack websites and computers. Sometimes they will inject malicious code into a legitimate advertisement. In these cases, malicious code is hidden in iframes, which are HTML elements that allow ads to appear on webpages. Other times, they will create a malicious ad and use advertising networks to deliver the malware. When using a network, cybercriminals are able to insert their malvertisements across millions of websites at a time.
Typically, users are infected by malvertisements in one of two ways. First, is by clicking on a malicious ad. The click may prompt a pop-up warning you that your computer has been infected. In order to “fix the issue,” the user is asked to download software. This is a tactic cybercriminals use to manipulate users into downloading malicious software onto their computer.
The second method a hacker might use to spread malware is through the use of a drive-by download. This method does not require a user to click on an advertisement. Instead, the visitor is infected with malware simply by visiting a website hosting a malicious ad.
All websites are malvertising targets, including high-profile sites. To give you an example, PerezHilton.com, a high-traffic pop culture site, fell victim to a malvertising attack in May 2016. In this malvertising campaign, the cybercriminal inserted malicious code to an iframe. When visitors clicked on the malicious ad, they were redirected to an exploit kit that spread malware to the users’ computers. We have provided a couple suggestions below so you can reduce your risk of malvertisements.
You should start by ensuring that your plugins and software are updated in order to reduce your risk. Older versions of plugins and content management systems (CMS) are access points for hackers and can be full of exploits. When you are running everything on the most updated version, you help prevent malware.
A website scanner is one of the most effective tools you can use to find malware on your website. A scanner will thoroughly check your site for malware and alert you if it finds traces of malicious links. The SiteLock INFINITY website scanner takes it one step further and will automatically remove the malware from your website, reducing your risk of malicious ads.
Questions? Call SiteLock at 877.563.2791 to see how we can help you prevent malvertising on your website.