All About Malvertising Attacks
What is Malvertising?
This type of malicious online advertising is typically performed by masking malicious computer code with seemingly harmless online advertisements. The advertisements may lead to harmful or deceptive content or may directly infect a victim's computer with malicious software (malware) that can damage data, steal personal information or even bring the user's computer under the control of a remote operator.
Big Companies Affected by Malvertising
In September of 2009, Microsoft filed five civil lawsuits against alleged perpetrators of malvertising crimes, in which malicious computer code is masked with seemingly harmless online advertisements. The advertisements may lead to harmful or deceptive content or may directly infect a victim’s computer with malicious software (malware) that can damage data, steal personal information or even bring the users’ computer under the control of a remote operator.
One of the more common ruses is to redirect the viewer of the advertisement to a site that warns the user of spyware or malware on his or her computer and offers to scan it for free. Typically, clicking on the "scan my computer" or similar instruction actually places the malware on the computer.
Such was the case with a malvertisement that a fraudster somehow placed on the New York Times Web site in mid-September. According to published reports, the malvertisement initially posed as Vonage, the Voice over Internet Protocol company, and appeared to be legitimate. At some time after being accepted by the newspaper’s Web site, part of the software code switched the display from Vonage to the malicious software. The malvertisement took over the screens of some visitors to the site; showed what appeared to be a computer scan and told viewers they needed to buy software – which was bogus – to correct the problem.
The attacks Microsoft complained about and that hit the New York Times aren’t entirely new, but are still in their infancy. According to U.K.-based Deloitte LLP, in 2008, one piece of malvertising reached 2 percent of all U.S. Internet users. These false advertisements are typically placed on trusted, reputable, well-trafficked sites, Deloitte added.
Microsoft recommends taking the following precautions to protect against the threat of malvertising:
- Make sure you’re using legitimate and up-to-date anti-virus, firewall and anti-malware/spyware tools.
- Be extra cautious about offers to secure or scan your computer with security software or programs you don’t recognize.
DID YOU KNOW...
In September 2009, visitors to the The New York Times Web site encountered malicious advertising. On the site, the ad appeared as a pop-up box containing a security warning, advising users that their machines were infected and directing them to a Web site purporting to offer antivirus software, but that actually contained a Trojan. [Source]
|Key Terms To Understanding Malvertising:||Related Articles on Webopedia:|
Based in Colorado, Rob Douglas is an identity theft expert and has been fighting against fraud and cyber crime for more than a decade. He is the editor of www.IdentityTheft.info and a speaker at identity theft conferences across the USA.
This Webopedia study guide describes the different parts of a computer system and their relations. Read More »Webopedia Polls
The trend for the past two years has been for shoppers to spend more online during the holiday season. How do you typically shop for holiday... Read More »How to Create a Desktop Shortcut to a Website
This Webopedia guide will show you how to create a desktop shortcut to a website using Firefox, Chrome or Internet Explorer (IE). Read More »
- Watch Datamation's editor James Maguire moderate roundtable discussions with tech experts from companies such as Accenture, Dell, Blue Jeans Network, Microsoft and more »
Tape clearly is on the decline. But remember, legacy systems can hang for a shockingly long time. Read More »Apple Pay Promises to Strengthen Payment Security
Experts believe that Apple Pay and other competitive payment systems will be far more secure than cards, even cards equipped with EMV chips. Read More »Internet of Things Shaping IT's Future
To make the IoT both work and pay off, IT is juggling upgrading and building app-centric networks, mapping out new data center architectures and... Read More »