- Malvertising is a tool used by cybercriminals to target users through digital advertisements on businesses' websites and social media.
- When a user clicks a malvertising ad, it takes them to a landing page that may install viruses or phishing software on their computer.
- The digital marketing industry has lost an estimated $1 billion from blocking malvertising attempts. However, there are certain steps you can take to protect visitors to your website from malvertising.
Internet users are exposed to hundreds of ads a day, distributed by various advertising networks. Unfortunately, automated ads can be used to spread malicious software. Even legitimate ad networks can be used by hackers to spread malicious code, due to the high volume of ads they are paid to distribute.
Malware spreaders hide code within legitimate-looking ads that can redirect your computer to connect to a malicious server to install malware. The worst malvertising connects users' computers to an exploit kit that runs analysis on the defending computer, looking for vulnerabilities and exploiting them. From there, attackers can install malware or ransomware or even gain full access to your computer and its sensitive information.
Early malvertising attempted to trick users into clicking banner ads, such as by claiming their computer was already compromised by viruses and that they should install an antivirus. These days, you don't even have to click on the malicious advertisement for it to run exploits, which can start automatically and in the background.
Attackers take advantage of the automated nature of online advertising, with large companies turning to networks to choose which ads to display on their websites. Although most reputable advertising networks examine the advertisements they serve, malicious code can still slip through the network's checks. Malvertising has made its way to large websites, including The New York Times, the BBC, AOL and the NFL as recently as 2016, according to the Center for Internet Security.
What is malvertising, and how does it work?
"Malvertising" is an industry term for the way cybercriminals add malware to advertisements. Malvertising can appear anywhere, including on sites you visit every day. It looks the same as traditional ads, but it redirects you to an unsecured webpage that adds malicious code to your computer or mobile device. Viruses and phishing software can then be installed on your device.
Examples of malvertising
Trend Micro and other antivirus software providers have detailed ad campaigns from large companies that have turned out to be malvertising. The New York Times fell victim to a banner ad that installed malicious code after web users clicked on it. The London Stock Exchange was part of a malvertising incident that allowed hackers to breach its system and access user data.
The effects of malvertising
The risk of malvertising infecting users' computers has created a dilemma between internet users and ad distributors. To defend against malvertising, users are advised to update the scripts that ads run on, such as Java, Flash and Microsoft Silverlight, and to keep their anti-malware software up to date. However, to further ensure they avoid malicious advertisements, users will stop ads completely by installing ad blockers or disabling scripts like Java and Flash from running on their browser. This leads to a loss of revenue for the website displaying ads, which may prompt those companies to prevent ad-blocking users from using their sites.
Your website may also be flagged by search engines for hosting malware, affecting your SEO and even blacklisting your site from showing up in search results. According to the Interactive Advertising Bureau, malvertising costs the digital marketing industry more than $1 billion in lost revenue from ad blocking in addition to the costs of investigating and curbing malvertising.
While ad networks work to improve safeguards and prevent malvertising from being distributed to their partners, there are a few things you can do to prevent malicious advertising from affecting your users and ruining your reputation. It will require some vigilance on your part to protect your website visitors.
Make sure you deal only with reputable advertising networks that run fraud detection on their advertisements. You also need to examine the ads your website is running. You can do this safely with domain research tools, such as DomainTools, that let you examine URLs without entering them.
According to Google's anti-malvertising guide, you should search for suspicious redirects and iFrames. If the ad's script contains suspicious code, including encrypted code, treat it with suspicion. Remove the ad from your website and report it to your ad network. If your network allows you to swap it out with another, then do so. If this is a frequent issue, you should switch to a different ad network.
There are several ad verification services that can act as watchdogs for your website. Companies such as GeoEdge and The Media Trust have add-ons that scan advertisement code to backcheck it against trusted sources and look for suspicious code.
Be sure to protect your own computers and servers when dealing with suspect ads, as you can also be a victim of malware from the malicious ads. You could be targeted with ransomware that locks down your whole website, so be sure to keep backups and strong anti-malware software in place.
If Google, Bing or another search engine flags your website for distributing malware, you can usually file an appeal to that search engine when you've removed the malvertising.
Like any malware, malvertising is invasive and continually changing. While ad networks and the online advertising industry are addressing malvertising, and the use of third-party ad verification tools and anti-malware is recommended, it ultimately comes down to you to make sure your website is not spreading malware. Those precautions don't remove the need for a knowledgeable and vigilant eye on the code that goes through your website.