An ever-present issue when using a computer is the threat of malware. Malware is a portmanteau of the words “malicious” and “software” and is a catch-all term for any malicious software. At the worst end of things, it covers ransomware, viruses, and worms. It also covers adware, trojans, and cryptocurrency miners, at least those installed unintentionally.
Hackers writing malware have two complex tasks. The first is to design the software so that it is hard to identify. This is simply an extension of the coding of the malware. The second is distributing the malware. There are many options, such as spam emails, running a shady download site, or distributing pirated software. Another option is to use a system explicitly designed to disseminate content as widely as possible: advertising.
Malvertising
Malvertising is another portmanteau, this time of “malware” and “advertising.” The concept revolves around simply paying for advertising space and using that to distribute malware. There are a few different ways to go about this. With careful design, it is possible to get the advertisement itself to be malicious. In this case, being shown the advert causes your device to download malware and run it. This sort of malvertising is incredibly effective as it doesn’t require any interaction from the user.
Another technique is to link the advert to a site that automatically downloads and runs the malware. The malware can also be downloaded via an interstitial page that quickly redirects users to a legitimate or potentially further malicious site. This attack is much less successful as it requires the victim to click on the advert actively. Chances can be increased by making the advert as clickbait-y as possible, but click rates are still low.
Note: Clickbait is a term used to refer to pre-content, typically adverts or “article” previews, designed to bait the user into clicking on them. Typically, this involves hinting at some juicy or essential information and suggesting the reader will miss out if they don’t click.
Countermeasures
As malvertising became a thing, many computer users installed an adblocker. Though there are many possible driving forces behind doing so, avoiding malvertising is often a big plus. This is highly effective because you can’t be infected by malvertising if you don’t see any adverts.
Mainstream advertising agencies saw malvertising in general, and adblocking especially, having an impact on their bottom line. To protect their income, they implemented progressively more robust systems of checks on the advertising content they served. This has generally reduced the amount of malvertising that can be found. Nevertheless, some less scrupulous advertising agencies don’t perform the same checks and still serve malvertisements.
Most of the methods for quietly downloading malware and running it without the user ever downloading anything were actual browser or plugin security issues. Browser security has significantly increased over recent years, making silent execution in such a manner considerably more difficult. As such, most modern malware requires the user to click on at least something, such as an “error message,” or to dismiss a notification that they’ve won a prize. Generally, if you find yourself on an untrusted site and see content like that, it’s safest to close the tab without interacting. It’s also generally a good idea to run some anti-virus tool just in case. Don’t use a pirated version, as all of those are malware.
Malvertising on a Billboard?
One of the problems faced with identifying malvertising from the advertising agency side is that the advert could link to a legitimate site at the time of testing. Unfortunately, the linked site – or one of a chain of redirections – can be updated after it has been approved. This issue, interestingly, doesn’t just affect online ads; it also allows malvertising to spread to the real world.
Now, an advert on TV, a billboard, or a poster isn’t going to infect anything on its own. However, several adverts now carry a QR code as a quick and easy link to see the advertised product on your smartphone. Unfortunately, this makes it relatively simple to pull the same trick. The QR code can link to a redirection that leads to the legitimate advertised page at the time the advert is approved, assuming the approval process even checks the link. The site’s content or the redirection’s location can then be updated later to serve malware directly to the victim’s smartphone.
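From the reviewing side, a link that changes after approval can be caught by re-resolving it on a schedule and comparing the result with the redirect chain recorded at approval. The sketch below is an added example, not part of the original article; the URLs, the function names, and the `responses` table that stands in for live HTTP fetches are all constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

REDIRECTS = (301, 302, 303, 307, 308)

def resolve_chain(start_url, responses, max_hops=10):
    """Follow redirects in `responses` (url -> (status, location)); return every URL visited."""
    chain, url = [start_url], start_url
    for _ in range(max_hops):
        status, location = responses.get(url, (200, None))
        if status not in REDIRECTS or not location:
            return chain                      # landing page reached
        url = urljoin(url, location)          # Location headers may be relative
        if url in chain:
            raise ValueError(f"redirect loop at {url}")
        chain.append(url)
    raise ValueError(f"more than {max_hops} redirects from {start_url}")

def host(url):
    return (urlsplit(url).hostname or "").lower()

def chain_drift(approved_chain, current_chain):
    """Compare the chain recorded at approval with a later re-check; return findings."""
    approved_hosts = [host(u) for u in approved_chain]
    current_hosts = [host(u) for u in current_chain]
    findings = []
    if approved_hosts[-1] != current_hosts[-1]:
        findings.append(f"landing host changed: {approved_hosts[-1]} -> {current_hosts[-1]}")
    new_hosts = sorted(set(current_hosts) - set(approved_hosts))
    if new_hosts:
        findings.append("hosts not seen at approval: " + ", ".join(new_hosts))
    if len(current_chain) != len(approved_chain):
        findings.append(f"hop count changed: {len(approved_chain)} -> {len(current_chain)}")
    return findings

# Constructed sample data: the same ad/QR link at approval time and at a later re-check.
AD_URL = "https://go.adlink.example/c/123"
AT_APPROVAL = {AD_URL: (302, "https://shop.brand.example/offer")}
AT_RECHECK = {
    AD_URL: (302, "https://cdn.tracker.example/r?id=123"),
    "https://cdn.tracker.example/r?id=123": (302, "/next"),
    "https://cdn.tracker.example/next": (302, "https://downloads.unknown.example/install"),
}

approved = resolve_chain(AD_URL, AT_APPROVAL)
current = resolve_chain(AD_URL, AT_RECHECK)

if __name__ == "__main__":
    for finding in chain_drift(approved, current):
        print("ALERT:", finding)
```

In a real review pipeline the `responses` lookup would be replaced by fetches that do not auto-follow redirects, repeated from more than one network location and client type, since a redirector can answer differently depending on who is asking.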
Conclusion
Malvertising is a portmanteau of “malware” and “advertising.” It involves delivering malware via advertisements. This delivery can be direct from the advert itself or indirect from the site it links to. Typically, malvertising will try to download malware surreptitiously. Alternatively, it may try to convince the victim to download allegedly helpful software that contains or is malware. A standard way to reduce your risk of falling victim to malvertising is to install an adblocker. This blocks all adverts, meaning you can’t be served a malicious one.