I

s that ad banner over there trying to hack you? Maybe it’s your garden-variety paranoia. Maybe it’s malvertising – the cyber threat that delivers malware through online ads.

Malvertising, you said? 

Indeed. It’s a portmanteau of malware and advertising.

Like Brangelina.

Yes, thank you. Like Brangelina. But dirtier.

Malvertising is what happens when attackers buy ad space in popular, legit websites and load them with ads infected by viruses, spyware, malware and all kinds of cyber filth you wish you’d never heard of. 

OMG

Right? Sneaky. 

Who has this affected so far?

A veritable who’s who of the world’s most trusted websites: Reuters, Youtube, MSN, Yahoo, The New York Times, Spotify… even The Onion. The list continues to grow. 

So what happens, exactly?

Attackers piggyback on trusted, popular websites as a lure. They target clean and respectable places with lots of visitors like the ones we mentioned above. The sites themselves aren’t infected, and the ad providers don’t know they are blasting malicious ads into potentially millions of computers until it’s too late.

See, people may expect to catch something from visiting www.supersketchy-xxx.biz, but not, say, I don’t know - Reuters. 

Wait. hang out at www.supersketchy-xxx.biz

Right...maybe...don't? Moving on. 

Often, when you open a website, your browser is actually connecting to several different URLs. One for the provider of the online ads, another one for the video content, yet another one for pop-ups… This adds to the complexity of figuring out exactly who is showing you what bit of the page you are looking at, and who is ultimately responsible for making sure that the content you are interacting with is safe.

Malvertisers love that complexity, and exploit it for their benefit and your cyber doom. 

So, when I click on one of these ads...

… you get infected with all kinds of viruses and malware. 

That’s fine by me, because I never click on ads. Right?

Not so fast. First, everyone clicks on ads sometimes, even if it’s just by mistake. And second, there are strands of malvertising that begin running malicious code the moment you open the page. No clicking or any other action required on your part.

I am officially concerned. Can we get to the part when you explain how people can protect themselves against this?

There are a number of things you can do right about now. Go ahead.

  • Get a good antivirus, or upgrade your current one! This is really your first line of defense against malvertising and a ton of other forms of cyberattack. It just so happens we know where you can find a free one (cough, cough--plug).
  • Install an ad blocker. Those bad boys can zap out ads before they even appear on your screen. There’s a little more to ad blockers than that, and not everything about them is great, so check this out before you get one. And if you’re a pro and you know what you’re doing, running a noscript extension will give you full control over what bits to let run. 
  • Disable Java. You don’t really need it. In most cases, you can probably live without Flash too. The fewer plug-ins you have enabled, the fewer potential doors you’re leaving open for malverts. 
  • Keep your plugins updated. Developers come up with fixes to security gaps all the time, but you need to make sure you have the latest version for them to be effective.  
  • Update your browser to the latest available version. Some malvertising attacks have tackled security holes in the browsers themselves rather than ads, so it pays off to make sure you have the latest security patches on when you surf the web. 

Well, now I know

There you go. With these tips and a few clicks here and there, you can protect yourself from malverts.

Liked this one? Try these:

What is Adware and How to Get Rid of It

Adware is aggressive or malicious advertising software that causes irritating things like popups or online tracking. Find out more about adware and how to remove it.

What is a Trojan Horse? Is it Malware or a Virus?

Trojans are a type of malicious software that can hide in your computer and steal bank details, credit card info and passwords. Learn how to prevent this.

What is Malware? How Malware Works & How to Remove it

Everything you should know about malware, how it works, what it does and how to remove it. Find the best anti-malware and malware removal tools here!

What is Spyware and Why You Should Care

Spyware is the sneakiest kind of malware: it is software made for spying on people. Find out more about how spyware works and how to remove it.