What You Need To Know About Malvertising

What is Malvertising?

What you need to know about malvertising falls under a few categories.  You need to know what it is and what it isn’t.  How malvertising affects you, and the entities that publish it.  And lastly, how you can protect yourself from it.

Malvertising is using online advertising to spread malware.  You do not get malware or pop up ads from only disreputable sites anymore.  Most highly reputable websites have ad space now.  The website owner does not know what ads are being shown.  The content delivery system serves ads to the site that the owner subscribes to.

Online advertising has become a complex network.  It involves publishers, ad exchanges, servers, retargeting networks and content delivery networks.  The content delivery network serves ads based on a user’s location and the site they visit.

Adware vs Malvertising

Users often confuse adware with malvertising.  Adware is installed with legitimate software.  It can be installed with or without the users knowledge or consent.  You would recognize adware as a browser toolbar that came with some free software.  Adware displays unwanted ads, redirects search requests to other advertising sites and mines data about the user to target and serve more ads.

Malvertising is different from Adware.  The user finds it on legitimate sites that are the unwitting hosts for these ads. The ads are then pushed through content delivery networks.  No one analyzes the ads for malicious code.  The code is run when the ad is displayed to the user.  The user views the ads and then the attack begins.

How does Malverising affect you?

Malvertising can perform different types of attacks, without you clicking on it.

  • Drive by – installation while viewing.  This happens if your browser has a vulnerability.
  • Forced Redirect – takes you to a different site
  • Executes Javascripts – Displaying unwanted ads, content, and pop-ups

When a user clicks on an ad, different types of attacks can occur.  Inside the ad, code is hidden directing the user’s machine to perform an action.  The machine creates a connection to a server.  That server is the host for another piece of software that determines if the machine is vulnerable in any way.  If it is, the server exploits the user’s machine and installs malware.  Then the machine can be:

  • Held for ransom
  • Used to give the code full access to the machine
  • Used to transmit sensitive info it finds
  • Added to botnets to perform attacks on other users

Does Malvertising affect publishers?

The threat to publishers is a damaged reputation and loss of traffic.  Most, if not all publishers displaying ads from a content delivery network have a reputable site.  People return to these trusted, reliable sites even if they previously were served malvertising.  It’s very difficult to prove that damage was done by a specific website, especially if the user is unaware anything happened until they had left the site.  This is why they return.

According to media outlets sites like the New York Times, BBC, AOL an the NFL have had malvertising campaigns on them.  We have seen it on local news sites as well.  They use the same ad content delivery.

How to combat Malvertising

Due to the way ads are delivered, it is difficult for users to protect themselves.  As with most security measures, the best offense is a good defense.  Here are a few easy ways to combat Malvertising:

  • Keep your devices patched and up to date with all software and  security updates.
  • Close your browser tabs and windows when not in use.  Ads can not display if there is nothing to display them on.
  • Consider the use of an ad blocker for your browser.
  • Use a good antivirus product on all your devices.



To sum up what you need to know about malvertising:

  • It’s embedded in ads on many reputable websites
  • The website owner does not know it is there
  • Malvertising can effect you without clicking on it
  • Clicking on it can be catastrophic to your machine
  • Use a good antivirus product, keep your devices up to date and use an ad blocker