Home / Insights / All About Malvertising Attacks

All About Malvertising Attacks

Rob Douglas
Last Updated May 24, 2021 8:01 am

What is Malvertising?

Malvertising (malicious advertising) is one of the newest ways that hackers are using to attempt to steal personal information and to cause havoc with computer users.

This type of malicious online advertising is typically performed by masking malicious computer code with seemingly harmless online advertisements. The advertisements may lead to harmful or deceptive content or may directly infect a victim’s computer with malicious software (malware) that can damage data, steal personal information or even bring the user’s computer under the control of a remote operator.

Big Companies Affected by Malvertising

In September of 2009, Microsoft filed five civil lawsuits against alleged perpetrators of malvertising crimes, in which malicious computer code is masked with seemingly harmless online advertisements. The advertisements may lead to harmful or deceptive content or may directly infect a victim s computer with malicious software (malware) that can damage data, steal personal information or even bring the users computer under the control of a remote operator.

One of the more common ruses is to redirect the viewer of the advertisement to a site that warns the user of spyware or malware on his or her computer and offers to scan it for free. Typically, clicking on the “scan my computer” or similar instruction actually places the malware on the computer.

Such was the case with a malvertisement that a fraudster somehow placed on the New York Times Web site in mid-September. According to published reports, the malvertisement initially posed as Vonage, the Voice over Internet Protocol company, and appeared to be legitimate. At some time after being accepted by the newspaper s Web site, part of the software code switched the display from Vonage to the malicious software. The malvertisement took over the screens of some visitors to the site; showed what appeared to be a computer scan and told viewers they needed to buy software which was bogus to correct the problem.

The attacks Microsoft complained about and that hit the New York Times aren t entirely new, but are still in their infancy. According to U.K.-based Deloitte LLP, in 2008, one piece of malvertising reached 2 percent of all U.S. Internet users. These false advertisements are typically placed on trusted, reputable, well-trafficked sites, Deloitte added.

Microsoft recommends taking the following precautions to protect against the threat of malvertising:

  • Make sure you re using legitimate and up-to-date anti-virus, firewall and anti-malware/spyware tools.
  • Be extra cautious about offers to secure or scan your computer with security software or programs you don t recognize.

DID YOU KNOW…
In September 2009, visitors to the The New York Times Web site encountered malicious advertising. On the site, the ad appeared as a pop-up box containing a security warning, advising users that their machines were infected and directing them to a Web site purporting to offer antivirus software, but that actually contained a Trojan. [Source]

Based in Colorado, Rob Douglas is an identity theft expert and has been fighting against fraud and cyber crime for more than a decade. He is the editor of www.IdentityTheft.info and a speaker at identity theft conferences across the USA.

This article was originally published on October 16, 2009