Remember when online security meant avoiding those sites on the wrong side of the tracks? No more. Malvertising is booming—not only in the number of attacks, but in sophistication as well. “Malicious advertising” is the illegal effort of spreading malware through legitimate online advertising, which is notoriously difficult to protect against. It’s a silent and deadly attack, hiding among virtuous advertisements, inserted into websites via a third party—in this case, ad networks—which then employs one of two methods of attack.
How Malvertising sneaks in…
The first attack method relies on a victim’s clicking the ad, which kicks off the infection. Then, malicious ads appear as pop ups or alert warnings. The other, more insidious means of attack is entirely passive for victims: they simply visit a webpage that is already infected, and the code embedded in the ad then downloads and executes a file on the victim’s system.
Cybercriminals exploit an online user’s trust in an otherwise legitimate website, including the likes of popular sites such as The New York Times, The Onion, Spotify, and others. This type of attack has a broad reach, exposing millions of users simultaneously.
How to execute a Malvertising campaign
To pull off a Malvertising scheme, cybercriminals first assume the identities of advertisers and submit malicious ads to ad networks. Ad networks connect websites and advertisers and display the ads on the sites. Because most ad networks don’t properly assess the integrity of the ads, malicious ads are submitted along with legitimate ones. Without a robust means of sorting the good from the bad, malicious ads then attack insecure systems and drop their payloads.
How to Prevent Malvertising
The sophistication of Malvertising makes defense a top priority, albeit a difficult one. Internet security is of utmost importance, especially one offering Containerization technology, whereby all unknown files are executed in a safe environment where there’s no hindrance to you as the user. In this environment, malware can’t deliver its payload. More and more threats exist online: an estimated one million new threats are unleashed daily. For malware removal and antivirus protection, which includes Comodo’s battle-tested Containerization technology, learn more about how Comodo’s Internet Security products will cover all of your security needs.