Mischievous Malware – Part 2 – Malvertising

We are continuing our discussion from yesterday about mischievous malware.

Now that you are a bit familiar with the mischievous malware that could corrupt your devices, it’s time to delve into a lesser known malware scam. Malvertising.

This has been gaining headway on Google, so much so, they created an individual landing page asking consumers to report malvertising and explaining how to combat it. The way this works is that cyber-criminals utilize several types of display advertisements to distribute malware. A few ways you’d see malvertising is through auto-redirecting ads that will take you to a phishing page, click bait and malicious code hidden within an ad.

Sadly, cybercriminals usually use legitimate ad networks because of the high volume of ads they distribute. It makes it incredibly easy for them to throw a code into an ad without the advertiser having the slightest clue. The worst malvertising connects users’ computers to an exploit kit that runs analysis on the defending computer, looking for vulnerabilities and exploiting them. From there, attackers can install malware, ransomware or gain full access to the computer and sensitive information. Sometimes Google may even flag your website for hosting malware, which will affect how you show up in search results.

Like most other malware situations, the best way to keep it from ruining your device or even your life, is to keep everything up to date. It is important to ensure any scripts ads may be running on are current. This includes programs like Java, Flash and Microsoft Silverlight. Ad networks are working hard to stay above the curve, but it is your responsibility to help with that.

Be sure to report any suspicious ads to Google. If the ad’s script contains suspicious code, including encrypted code, it should be treated with suspicion. Remove the ad from your website and report it to your ad network. Also, there are many ad verification websites that help back check ads for suspicious code. The bottom line with any mischievous malware is to keep your eyes open and report foul play.

Previous cyber security posts:

Get a free network security audit

Find out how your company might be vulnerable to security threats and learn how to fix them.