Malvertising Targets Your Online Users

Uploaded on 2017-04-21 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Before clicking an online ad, make sure your users think twice. Malicious advertising, more commonly known as Malvertising, has been popping up everywhere.

Some of the most popular websites, such as Huffington Post, eBay, Forbes and Yahoo, at one point or another have unwittingly hosted malicious ads.

Malvertising is designed to spread malware when a user clicks on an ad. If a virus, worm, Trojan or some other type of malware like ransomware gets into your network through malicious advertising, it could disrupt your business for hours or days or longer or abscond with your valuable data.

Malvertising is tough to identify. Malware authors hijack legitimate online advertising systems to insert their own malware-filled ads into websites. Anytime malware is hidden inside a legitimate application, it’s much harder to detect.

That explains why Malvertising has become a $1 billion cyber-criminal enterprise. It’s easy to trick users to click, and it doesn’t cost much to create the fake ads. It costs less than $1 per 1,000 targeted users to create a malicious ad.

Clicking on a malicious ad can lead to the types of damage common to malware infections – stolen data, altered files, identity theft and financial loss. In some cases, it can turn your machine into a bot to propagate malware or execute a DDoS (distributed denial of service) attack.

That’s bad enough of course, but Malvertising delivers the added bonus of also hurting advertisers and the publishers they pay to run the ads. As explained by Forbes: “Lost ad dollars starve digital publishers of much-needed revenue and marketers of money intended to drive sales. Both phenomena result in diminished economic output and employment.” Malvertising is responsible for more than $200 million in lost ad revenue.

How Malvertising Works

Malvertising spreads infections in a couple of ways, tricking users into clicking an ad or pop-up warning and drive-by downloads. With ads, users are redirected to a website hosting malicious code instead of the advertiser’s site.

The first with pop-up warnings, for example, a fake alert about a computer infection appears on your screen. The alert contains a link to download the “fix.”

The second Malvertising method requires no work on the user’s part. A machine gets infected through a drive-by download when a user visits a site with malicious ads. Drive-by downloads are imperceptible to the user and install malware that causes disruption or steals valuable information.

Protect Your Business

Because Malvertising disguises itself as legitimate ads or pop-up warnings, it creates a challenge for businesses to prevent users from infecting their machines. But there are steps you can take to minimize the threat.

One obvious step, which applies in all cyber-security situations, is to always update all business systems and software. Outdated applications, plugins and operation systems often have vulnerabilities that cyber-criminals can easily exploit. Be sure to also update your browsers regularly and take advantage of built-in security features such as pop-up blockers and malware protection.

Lastly, you should implement a comprehensive, up-to-date endpoint security solution with built-in behavior analysis. Advanced analysis features can flag suspicious code by looking for traits often found in malware.

As we’ve explored in earlier blogs about exploits, phishing, mobile threats and browser security, small businesses have to secure their businesses on many fronts. Malvertising is one of many cyber threats your business has to contend with.

By taking these security steps, you boost your chances of avoiding a Malvertising hit.

VipreAntivirus:

You Might Also Read: 

Malicious Ads Expose Millions To Hacking:

Brand Reputation Includes Cyber Safety:

 

« Cyber-Workforce Shortage to Increase
Facebook & Google Are Killing Newspapers »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

PSC

PSC

PSC is a leading PCI and PA DSS assessor and Approved Scanning Vendor.

Parsons

Parsons

Parsons has developed a converged security offering that combines cybersecurity, integrated network solutions, and critical infrastructure protection.

Alyne

Alyne

Alyne is a Munich based 2B RegTech offering organisations risk insight capabilities through a Software as a Service.

SCADASUDO

SCADASUDO

SCADASUDO is a cyber solution architecture and design office, established by leading experts in the field of OT (Industrial control) and IT (information Technology).

GLESEC

GLESEC

GLESEC offer a complete range of Cyber Security services from Operations & Intelligence Services to Auditing & Compliance and Simulation and Training.

FireCompass

FireCompass

FireCompass SAAS platform helps CISOs & Security Teams in continuous risk assessment by mapping your attack surface and knowing the “unknown unknowns”.

Phoenix Cybersecurity

Phoenix Cybersecurity

Phoenix Cybersecurity Services and Managed Security Services help clients just like you take full advantage of leading cybersecurity technologies and industry best practices.

Amnesty Tech

Amnesty Tech

Amnesty Tech's Security Lab leads technical investigations into cyber-attacks against civil society and provides critical support when individuals face such attacks.

Syracom

Syracom

syracom is a consultancy firm specialized in development of efficient business processes. With our expertise and IT competence, we develop tailored solutions for customers in various industries.

OptimEyes.ai

OptimEyes.ai

OptimEyes.ai is a unique AI-powered, on-demand SaaS solution for cyber-security, data privacy and compliance risk modeling.

Sunnic

Sunnic

Sunnic is a leading provider of comprehensive digital data security technology.

Nightwing

Nightwing

Nightwing is the intelligence services company that continually redefines the edge of the possible to keep advancing our national security interests.

ClearSale (CLSA3)

ClearSale (CLSA3)

Clearsale’s innovative fraud solutions combine advanced technology with a passionate team of seasoned experts that understand every client’s unique needs.

Idenhaus Consulting

Idenhaus Consulting

Idenhaus specializes in Cybersecurity and Identity Management (IAM) Consulting.

Locket Cybersecurity

Locket Cybersecurity

Locket’s certified students provide pro-bono security audits for small and medium-sized businesses in the Chicagoland area.

Vulnify

Vulnify

At Vulnify, we’re revolutionizing the way businesses identify and manage security vulnerabilities.