Malvertising – a word you’ll be hearing a lot more of in 2015. Malvertising is a method of using online advertising to spread malware, ransomware, and other advanced threats.
Why should you care?
The simple nature of this attack method and its unparalleled effectiveness are the ideal mix for a perfect storm. You trust Yahoo.com, don’t you? Yet an estimated 2.5 million Yahoo users were likely infected with malware, spreading it through compromised advertising content displayed on Yahoo’s website. Over a four-day period last year, an estimated 27,000 visitors’ computers were infected every hour.
OK, let’s ditch Yahoo and go Google – good idea? Probably not. Google’s DoubleClick ad network was used to infect many high profile websites such The Times of Israel online news site, Last.fm – a very popular music site, and many more. All these sites have millions of visitors every month.
How does malvertising work?
Cyber criminals will continue to tamper with ad networks, adding malicious code. The very nature of the Web ensures their survival. For everyone involved in online advertising, there is a huge amount of money to be gained in displaying ads – except the unsuspecting Internet user, of course.
Will the major players tighten security and censor the ads? Probably not, because ad networks are highly sophisticated systems – dynamic in nature, fully automated and updated in milliseconds. So don’t expect any of the big players to put in the checks and balances required, as that could have a negative impact on their revenue.
All these years, we were told time and again not to click on hyperlinks or ads that we aren’t absolutely sure of. But here comes a wrinkle in that “Net rule”: the most destructive aspect of advanced Malvertising is that you don’t need to click on anything! Your computer could get infected by merely vieiwing/loading the Web page where the infected ad is displayed.
The hidden scripts in malicious ads check for any specific vulnerabilities on your computer, including the operating system AND the applications. As Long as Microsoft, Adobe (Flash and Adobe Reader) and Oracle (Java – perhaps the most vulnerable application ever written) keep doing what they are doing, our computers will never achieve 100 % security.
What can you do?
Old-fashioned reactive security software and anti-virus software are almost entirely ineffective against malvertisements. Predictive, intelligent security stops this beast in its tracks. Intelligent security predicts threats, and prevents your computer from loading compromised websites; even if you try to load a web page that carries malvertising or malicious code, intelligent security blocks that web page from loading.
Predictive security is like a breath of fresh air that solves a challenging problem. It is extremely effective against malvertising, and surprisingly inexpensive. Contact your IT provider today and grab some much-needed protection in today’s naughty world.
Image courtesy: Bromium
Radius Networks offers predictive, intelligent security. Secure any computer, laptop, tablet or mobile anywhere – in the office or on the move. Read more about our state-of-the-art security solutions or talk to us about your security requirements.