- October 31, 2016
- Posted by: Kerry Tomlinson, Archer News
- Categories: Archer News, Cyber Crime, Posts with image, Ransomware
Malvertising is “malicious advertising”—bad ads that can infect your tech.
And unfortunately, the “Mad Men” behind this toxic advertising have found easy ways to poison your computer—you can get an infection just by the ad showing up on your screen.
“Malvertising is a way for attackers to load malicious code on your computer through advertisements,” explained Jim Feely of Archer Security Group.
“For criminals, ad networks are a great way to spread malicious code,” he said.
Archer News is answering your questions about cybersecurity for National Cyber Security Awareness Month by asking experts from our parent company, Archer Security Group.
The goal—to keep you informed on what is happening in the cyber world and how it affects you.
One malvertising ad on a popular site showed a T-shirt with the phrase, “I used to care. But I take a pill for that now.”
Where do you see it?
Malicious ads can pop up on popular sites, alongside regular ads.
They’ve shown up on big sites like TMZ, with more than 30 million visitors a month, and Rotten Tomatoes, with 39 million visitors a month, according to Jerome Segura of cybersecurity company Malwarebytes.
They also hit big-name news sites you may visit regularly.
“They do that by hacking or otherwise tricking ad networks into serving malicious advertisements just like any other ad,” said Feely. “This means their ads can be spread all over the Internet and appear to be a part of totally legitimate websites or services.”
In the past, some attackers had to “lurk in the seedy corners of the Internet,” waiting for people to trip over their malicious sites, according to Feely.
“The ad networks deliver the malware directly to victims who visit legitimate sites like Yahoo, BBC, New York Times, and US News,” he said.
TMZ is one of many sites that has been hit by malware, according to Malwarebytes.
What can it do?
One of the popular goals of malvertising is ransomware—if the bad guys can use an infected ad to take over your computer, they can hold it for ransom.
“For the last several years, malvertising has been a way for criminals to infect hundreds of thousands of victims with crypto-ransomware,” Feely said.
TeslaCrypt is a well-known kind of ransomware that can end up on your computer through poisoned ads.
In April, TeslaCrypt ransomware almost froze a NASCAR race car in its tracks when it took over the computers of car 95, owned by Circle-Sport Leavine Family Racing. The racing group said it had to pay the ransom to get their crucial competition and performance data back.
The venomous ads can play other games with your computer as well, like tricking you into installing other kinds of malicious software.
More and more malvertising campaigns are delivering banking trojans, which can steal your banking information and other data, according to Malwarebytes.
Can you tell it’s a bad ad?
Experts say the bad ads look just like good ads.
Malvertising on the dating site PlentyOfFish last year showed people images of a hot tub, according to Segura.
“Feel the Healing Power of a Hydro Therapy Spa,” said the ad, supposedly for “Twilight Hot Tubs.”
TMZ readers saw an ad for a T-shirt company, showing a shirt with the slogan, “I used to care. But I take a pill for that now.”
Another noxious ad banner read, “Interested in life of the stars? Learn music with us! More on www.musical4.com.”
Malvertising found its way to dating site PlentyOfFish last year.
Why can’t somebody stop them?
It seems pretty simple. You open a page online, and you see ads.
When you click to go to a site, that site may put your “view” up for bid. Advertisers bid to see if they will get to be the one to show you the ad. If you’re the demographic advertisers want, the site may get a ton of bids for your view. A bid is chosen, you see an ad.
All this in a tiny fraction of a second.
There are many companies involved in that split-second decision. The bad guys could be posing as any one of those companies, or they could simply slip through the cracks.
“No one entity is capable of stopping malvertising as a whole,” said John Shier with cybersecurity company Sophos. “There are many moving parts that make up the online advertising ecosystem, which means there are many ways crooks can exploit this ecosystem.”
What can I do?
Keeping your computer up-to-date with the latest security patches will help fend off malvertising malware.
“The vast majority of infections happen because people are surfing the web with outdated versions of Internet Explorer, the Flash Player and so on,” Segura said.
Also, uninstall software you don’t use any more, because it could have vulnerabilities.
Some people are using anti-malware and anti-exploit technologies as well as antivirus, and others are using ad-blocking.
You can also set some of your features to click-to-play, as described on How-To Geek.
Legitimate advertisers can target you for your age, gender, buying habits and more.
The bad guys can do it, too, choosing their prey carefully.
“The power of ad network analytics allows an attacker to target specific groups of victims based on any number of tracked criteria, like what versions of software or what browser plug-ins are present,” said Feely.
So, for example, if you have current security software, you might not get to see the ad. But if your software is not up-to-date, you could get the bad banner, front and center.
That way, the malvertisers can avoid computers that might detect their shady operation, and their attack campaign can last much longer.
Google and other organizations just teamed up to create the Coalition for Better Ads in September to “improve consumers’ experience with online advertising.”
Some say the coalition needs to work on malvertising issues as well, to stop the criminal “Mad Men” from turning harmless-looking ads into computer disasters.