All About Malvertising Attacks

What is Malvertising?

Malvertising (malicious advertising) is one of the newest ways that hackers are using to attempt to steal personal information and to cause havoc with computer users.

This type of malicious online advertising is typically performed by masking malicious computer code with seemingly harmless online advertisements. The advertisements may lead to harmful or deceptive content or may directly infect a victim’s computer with malicious software (malware) that can damage data, steal personal information or even bring the user’s computer under the control of a remote operator.

Big Companies Affected by Malvertising

In September of 2009, Microsoft filed five civil lawsuits against alleged perpetrators of malvertising crimes, in which malicious computer code is masked with seemingly harmless online advertisements. The advertisements may lead to harmful or deceptive content or may directly infect a victim s computer with malicious software (malware) that can damage data, steal personal information or even bring the users computer under the control of a remote operator.

One of the more common ruses is to redirect the viewer of the advertisement to a site that warns the user of spyware or malware on his or her computer and offers to scan it for free. Typically, clicking on the “scan my computer” or similar instruction actually places the malware on the computer.

Such was the case with a malvertisement that a fraudster somehow placed on the New York Times Web site in mid-September. According to published reports, the malvertisement initially posed as Vonage, the Voice over Internet Protocol company, and appeared to be legitimate. At some time after being accepted by the newspaper s Web site, part of the software code switched the display from Vonage to the malicious software. The malvertisement took over the screens of some visitors to the site; showed what appeared to be a computer scan and told viewers they needed to buy software which was bogus to correct the problem.

The attacks Microsoft complained about and that hit the New York Times aren t entirely new, but are still in their infancy. According to U.K.-based Deloitte LLP, in 2008, one piece of malvertising reached 2 percent of all U.S. Internet users. These false advertisements are typically placed on trusted, reputable, well-trafficked sites, Deloitte added.

Microsoft recommends taking the following precautions to protect against the threat of malvertising:

  • Make sure you re using legitimate and up-to-date anti-virus, firewall and anti-malware/spyware tools.
  • Be extra cautious about offers to secure or scan your computer with security software or programs you don t recognize.

DID YOU KNOW…
In September 2009, visitors to the The New York Times Web site encountered malicious advertising. On the site, the ad appeared as a pop-up box containing a security warning, advising users that their machines were infected and directing them to a Web site purporting to offer antivirus software, but that actually contained a Trojan. [Source]

Key Terms To Understanding Malvertising:

Related Articles on Webopedia:

Based in Colorado, Rob Douglas is an identity theft expert and has been fighting against fraud and cyber crime for more than a decade. He is the editor of www.IdentityTheft.info and a speaker at identity theft conferences across the USA.

This article was originally published on October 16, 2009

Get the Free Newsletter
Subscribe to Daily Tech Insider for top news, trends & analysis
This email address is invalid.
Get the Free Newsletter
Subscribe to Daily Tech Insider for top news, trends & analysis
This email address is invalid.

Related Articles

Virtual Private Network (VPN)

A virtual private network (VPN) encrypts a device's Internet access through a secure server. It is most frequently used for remote employees accessing a...

Gantt Chart

A Gantt chart is a type of bar chart that illustrates a project schedule and shows the dependency between tasks and the current schedule...

Input Sanitization

Input sanitization is a cybersecurity measure of checking, cleaning, and filtering data inputs from users, APIs, and web services of any unwanted characters and...

IT Asset Management Software

IT asset management software (ITAM software) is an application for organizing, recording, and tracking all of an organization s hardware and software assets throughout...

Accenture

Accenture is a global professional services company that specializes in information technology (IT)...

Best Managed Security Service...

Organizations of all sizes can outsource their management of security devices and systems...

Gartner

Gartner is a world-renowned information technology (IT) consultancy and advisory firm that conducts...