All About Malvertising Attacks
What is Malvertising?
This type of malicious online advertising is typically performed by masking malicious computer code with seemingly harmless online advertisements. The advertisements may lead to harmful or deceptive content or may directly infect a victim's computer with malicious software (malware) that can damage data, steal personal information or even bring the user's computer under the control of a remote operator.
Big Companies Affected by Malvertising
In September of 2009, Microsoft filed five civil lawsuits against alleged perpetrators of malvertising crimes, in which malicious computer code is masked with seemingly harmless online advertisements. The advertisements may lead to harmful or deceptive content or may directly infect a victim’s computer with malicious software (malware) that can damage data, steal personal information or even bring the users’ computer under the control of a remote operator.
One of the more common ruses is to redirect the viewer of the advertisement to a site that warns the user of spyware or malware on his or her computer and offers to scan it for free. Typically, clicking on the "scan my computer" or similar instruction actually places the malware on the computer.
Such was the case with a malvertisement that a fraudster somehow placed on the New York Times Web site in mid-September. According to published reports, the malvertisement initially posed as Vonage, the Voice over Internet Protocol company, and appeared to be legitimate. At some time after being accepted by the newspaper’s Web site, part of the software code switched the display from Vonage to the malicious software. The malvertisement took over the screens of some visitors to the site; showed what appeared to be a computer scan and told viewers they needed to buy software – which was bogus – to correct the problem.
The attacks Microsoft complained about and that hit the New York Times aren’t entirely new, but are still in their infancy. According to U.K.-based Deloitte LLP, in 2008, one piece of malvertising reached 2 percent of all U.S. Internet users. These false advertisements are typically placed on trusted, reputable, well-trafficked sites, Deloitte added.
Microsoft recommends taking the following precautions to protect against the threat of malvertising:
- Make sure you’re using legitimate and up-to-date anti-virus, firewall and anti-malware/spyware tools.
- Be extra cautious about offers to secure or scan your computer with security software or programs you don’t recognize.
DID YOU KNOW...
In September 2009, visitors to the The New York Times Web site encountered malicious advertising. On the site, the ad appeared as a pop-up box containing a security warning, advising users that their machines were infected and directing them to a Web site purporting to offer antivirus software, but that actually contained a Trojan. [Source]
|Key Terms To Understanding Malvertising:||Related Articles on Webopedia:|
Based in Colorado, Rob Douglas is an identity theft expert and has been fighting against fraud and cyber crime for more than a decade. He is the editor of www.IdentityTheft.info and a speaker at identity theft conferences across the USA.
Webopedia Polls: Is iPhone 6 or iWatch on your list? Read More »How to Create a Desktop Shortcut to a Website
This Webopedia guide will show you how to create a desktop shortcut to a website using Firefox, Chrome or Internet Explorer (IE). Read More »Flash Data Storage Vendor Trends
Although it is almost impossible to keep up with the pace of ongoing product releases, here are three recent highlights in the flash data storage... Read More »
- Watch Datamation's editor James Maguire moderate roundtable discussions with tech experts from companies such as Accenture, Dell, Blue Jeans Network, Microsoft and more »
The future remains, well, cloudy. But either way: Amazon, look out. Microsoft is gaining fast. Read More »Hype Versus Action in the Developer's World
Often times technologies start as hype but with time become adopted. As a developer or technologist, it is worth reading the hype and knowing the... Read More »Microsoft Hyper-V Network Virtualization Q&A
The top 5 Hyper-V questions with answers provided by Nirmal Sharma, a MCSEx3, MCITP and Microsoft MVP in Directory Services. Read More »