While it’s been around since MySpace was a part of our everyday lives, malvertising has evolved and become more sophisticated—especially within the last couple of years. By definition, malvertising is exactly what it sounds like: malicious advertisements which infect browsers, plugins, and systems.
Malicious ads can appear anywhere on the internet, regardless of how safe a website may seem, and their attacks can be executed in numerous different ways. With the ability to hide in something as small as a pixel, hook a browser and view clear text communications, and now target networking devices such as home routers, the importance of exercising caution is becoming more clear.
And while social engineering is not a spectacularly new or uncommon technique, malvertising provides attackers with another vehicle for it. Advertisement networks have the ability to determine a user’s operating system and view cookies and geo-location. The purpose of these features is to provide targeted advertisements; however, this can also be used to direct phony tech support or other criminal schemes at users. If someone can view your private communications, they can also gather more than enough data to spoof you or your contacts and steal critical information.
As browser developers begin to phase out vulnerable plugins such as Java and Flash, some threats—such as drive-by downloads—will become less common. However, future alternatives to these technologies as far as strengths and weaknesses are concerned, are yet to be determined. More preventative methods need to be employed by advertising networks, as cutting this opportunity off at the source is ideal.
Ad blocking software is only a piece of the puzzle and isn’t a perfect solution. Users should never browse as administrator and systems, browsers, and plugins should be frequently patched. Browser settings can also be configured to alert users before a plugin is run and infrequently used plugins should be uninstalled or turned off. This gives the user more control and greatly reduces this risk.
If a user is especially concerned, they can use a sandbox browser such as AirGap, Browser in the Box, Sandboxie, or Spoon.net. Sandboxes wipe web history once shut down and allow a level of segregation between the sandbox and the user’s main computer. Virtual machines can also be used in a similar way. This segregation dramatically decreases the chance that a user’s machine will be compromised.
Being able to recognize the signs of social engineering is also important. Be sure to always question the source if someone has contacted you and never willingly give out personal information. If this information is requested or services offered seem too good to be true, this should set off some red flags.
Often within the security industry, once a problem is fixed it doesn’t completely go away; attackers simply get creative and make the problem more complex. It will be interesting to see if advertisement networks can overcome this hurdle and make malvertising and the negative effects associated with it a thing of the past.
To Learn More: