Malvertising or Malicious advertising is a technique which uses ads to spread malware. Instead of tricking users to visit malicious website, malvertising uses advertising networks to distribute malware in trustworthy websites. The distributed malware can be a spyware, ransomware, anything that can benefit the attacker.
Malware + Advertising (Malvertising) acts as a carrier for cyber criminals to open up a covert channel to launch an attack on the system. It always targets popular websites, where the traffic is high because these high trafficked websites often outsource the advertising space to ad sellers (ad networks). Advertisers bid for ad space in popular websites and the ad sellers serves the winners in bidding process with the space.
Initially, advertisers run a clean ad to gain reputation on the high trafficked websites. Once they gain reputation of the website and its users, they insert malicious codes in iframes which carry their ads. As this process happens in the background, malicious ads go unnoticed affecting huge number of users.
How does it infect users?
User visits a legitimate website and clicks on ads. It redirects the user to a malicious website where the user is tricked to install malicious software using social engineering techniques.
User visits a legitimate website. A pop up advertisement appears and asks user to click close button to hide it. User clicks the close button and the code embedded in the close button gets downloaded and affects the system
User visits a legitimate website. Browser downloads malicious code embedded in HTML element s(iFrame) in the background when it loads the legitimate page making the user unaware of the malicious download.
If the user's system is vulnerable to zero day attacks, these malicious codes may compromise the system just by visiting the websites allowing malvertisement.
How to protect the system from malicious ads?
Safe browsing habits
It is always a good practice to visit only the trustworthy websites. Though this safe browsing practice may not protect the users from malware sitting on reputed websites, it definitely decreases the probability of getting infected by malware, as many popular websites are using AV/AM suites to scan for malware every month.
Keep the system up to date
Malicious software always look for a security vulnerability (loop hole) to infect the system. The best way to minimize the attack is to keep all software components, browser plugins, system up to date.
Use ad blocker
Use of ad blocker is a good option to defend against malware advertising. These ad blockers can filter the malicious ads and stop automated scripts from loading malicious contents.
Anti-exploit software monitors browser activities, and stops the exploit if it finds it suspicious. It prevents browser plugin exploits and can run with any antivirus program to protect the web browsers.