WP What Is Malvertising | Examples, Differences from Ad Malware | Imperva

Malvertising

78.4k views
Attack Types

What is Malvertising

Malvertising is a malicious attack that involves injecting harmful code into legitimate online advertising networks. These deceptive ads are then unknowingly displayed to users, leading them to unsafe destinations. The embedded malicious code often redirects users to harmful websites, risking their online security.

Malvertising can be highly profitable for cybercriminals, as it’s difficult to track and often goes unnoticed. The malicious code is usually embedded in online ads, which users may encounter while browsing. Attackers place These ads on legitimate sites to reach a larger audience.

How Does Malvertising Work?

The online advertising ecosystem is a complex network that includes publisher sites, ad exchanges, ad servers, retargeting networks, and content delivery networks (CDNs). Multiple redirects exist between different servers when a user clicks on an ad. Malicious actors exploit this intricacy to surreptitiously insert harmful content in unexpected locations that publishers and ad networks are least prepared for.

When a website visitor clicks on malvertising, they may unknowingly trigger the release of malicious code on their device. Once installed, the malware is delivered through malvertising functions like any other malware. It has the potential to damage files, exfiltrate data, establish hidden access points, or monitor the user’s activity. The malware can also manipulate, block, delete, copy, or leak data, which can then be held for ransom or sold on the dark web.

Malvertising attacks can also deploy an exploit kit, a type of malware that is designed to probe a system and take advantage of security gaps or vulnerabilities.

What’s the Difference Between Malvertising vs. Ad Malware?

Malvertising is often mistaken for ad malware or adware, which are other types of malware that impact online advertisements. Adware is a program that runs on a user’s computer. It is typically bundled with legitimate software or installed without the user’s knowledge. Adware showcases unwanted advertisements, redirects search requests to advertising websites and collects user data to facilitate targeted advertising.

When comparing malvertising and ad malware, there are distinct differences to consider:

Malvertising entails the deployment of malicious code on a publisher’s web page, specifically targeting individual users. On the other hand, adware is designed to target individual users without initially being deployed on a publisher’s web page.

Furthermore, malvertising only impacts users who view an infected webpage, whereas adware, once installed, operates continuously on a user’s computer.

In summary, malvertising and ad malware differ in their approach and impact, with malvertising relying on infected web pages and adware persistently operating on a user’s computer.

How Do Malvertisements Affect Users?

Malvertising can impact users who view malicious ads, even without clicking on them. These include:

  1. “Drive-by download” attacks: These occur when malware or adware is automatically installed on a user’s computer due to vulnerabilities in their browser.
  2. Forced browser redirects: Users may be redirected to malicious websites against their will, exposing them to potential threats.
  3. Unauthorized display of unwanted advertising, malicious content, or pop-ups: Malvertisements may execute Javascript to show additional ads or content that goes beyond what is legitimately displayed by the ad network.

When users click on a malicious ad, malvertising can compromise their security:

  1. Installation of malware or adware: Clicking on a malicious ad can trigger the execution of code that installs harmful software on the user’s computer.
  2. Redirect to a malicious website: Instead of reaching the intended destination suggested by the ad, users may be redirected to a site that threatens their online safety.
  3. Phishing attacks: Malicious ads may redirect users to websites that closely resemble legitimate sites, aiming to deceive and trick users into divulging sensitive information.

It is important to be aware of these risks and take necessary precautions to protect oneself while browsing the internet.

How Malvertisements Affect Web Users

The Impact of Malvertisements on Publishers

When an ad network falls into the hands of malicious actors, it can have severe consequences for publishers. Their reputation takes a hit, site traffic and revenue decline, and they may even face legal liability for the harm caused to users.

Although publishers are well aware of this issue, detecting and blocking malicious ads poses a significant challenge. Ad networks serve ads from countless advertisers and display them dynamically through real-time bidding. This makes it incredibly difficult to test every single ad shown to users thoroughly.

Methods of malware insertion into ads include:

  1. Malware in ad calls: When a website displays a page with an ad, the ad exchange delivers ads through third parties. Attackers can compromise one of these third-party servers and inject malicious code into the ad payload.
  2. Malware-injected post-click: When users click on an ad, they are redirected through multiple URLs before reaching the ad landing page. If an attacker compromises any of these URLs, they can execute malicious code.
  3. Malware in ad creative: Malware can be embedded in text or banner ads. For instance, HTML5 allows ads to combine images and JavaScript, which may contain malicious code. Ad networks that use Flash (.swf) format are particularly vulnerable to this.
  4. Malware within a pixel: Pixels are code embedded in ad calls or landing pages to track data. Legitimate pixels only send data, but if an attacker intercepts the pixel’s delivery path, they can send a response with malicious code to the user’s browser.
  5. Malware within video: Video players do not provide protection against malware. For example, standard video formats (VAST) can contain pixels from third parties that may have malicious code. Videos can infect users by displaying a malicious URL at the end.
  6. Malware within Flash video: Flash-based videos can inject an inline frame (iframe) into the page, which downloads malware without the user needing to click on the video. Malicious code can also be injected into pre-roll banners that load while the video file is loading.
  7. Malware on a landing page: Even on legitimate landing pages served by reputable websites, clickable elements may execute malicious code. This type of malware is particularly dangerous as users click on an ad, land on a genuine landing page, but get infected by a malicious element on the page.

See how Imperva Web Application Firewall can help you with malvertising attacks.

How To Avoid And Prevent Malvertising

Malvertising is an attack that is difficult to detect and mitigate and requires action by end users and publishers.

How Users Can Avoid Malvertising

Protecting yourself from malvertising involves a combination of good online hygiene, keeping software updated, and using various security tools:

  1. Keep Software Updated: Regularly update your browser, operating system, and plugins to ensure that you have the latest security patches. Outdated software often has vulnerabilities that can be exploited by malware.
  2. Use an Ad-blocker: Ad-blockers can prevent many types of malvertising by blocking the actual ads from loading on web pages.
  3. Disable Javascript and Flash: Javascript and Flash are often used to deliver malicious payloads. Disabling these can prevent many types of malvertising attacks, although it may also affect the functionality of some websites.
  4. Be Cautious with Pop-Ups: Don’t click on pop-up ads or windows. Instead, close them by clicking on the “X” or through the task manager.
  5. Use Antivirus Software: Good antivirus software can detect and neutralize many types of malware. Make sure your antivirus software is kept up-to-date.
  6. Enable Click-to-play: Click-to-play requires user intervention to play multimedia content. This can prevent the automatic execution of malicious code.

Remember, no solution is 100% effective, and the best protection is always vigilance and cautious online behavior.

To mitigate the risks of malvertising, publishers can take several steps:

  1. Thoroughly vet ad networks, ensuring they have a solid reputation and robust security practices. It’s essential to inquire about ad delivery paths and the measures they have in place to prevent malicious ads.
  2. Implement a stringent scanning process for ad creative before displaying it. This will help identify any malware or unwanted code that may harm users’ devices or compromise their security.
  3. Consider enforcing a policy that restricts the file types allowed in ad frames. Limiting it to safe formats like JPG or PNG, while avoiding JavaScript or Flash, can significantly reduce the likelihood of malicious content.

By following these practices, publishers can minimize the impact of malvertising and maintain a safer environment for their users.