Stop Malvertisements from Causing a Click-tastrophe on Your Computer

Web ads: sometimes annoying, other times entertaining and useful, but for the most part, harmless. Or so you thought. It seems that cybercriminals are now turning their attention toward pulling you in with a strong sales message, and you may be none the wiser until it’s too late.

Your neighborhood hacker has decided to start studying marketing, using digital advertising methodologies to increase the effectiveness of various malicious marketing schemes.

Cybercriminals are taking over more and more computers by seeding malware into millions of legitimate web pages through their clickable ads. They’re effectively scattering infectious malware through online ads onto millions of webpages, which will give them back door that will give them full control of your computer.

That banner at the top of your web page announcing a shoe sale, or the little box on the right promoting an upcoming local concert, could be luring you into downloading malware onto your computer—with just one click.

And just like other phishing schemes on the Internet where hackers drop malicious links into a website to grab your personal information, you could be walking into a well-set trap that puts your identity and devices in danger by exposing personal data. It may seem unlikely, but entering booby-trapped sites through seemingly harmless online ads gives these cybercriminals nearly unfettered access to the data on your computer.

You might not even know that you entered an infected web page, as you entered through what appeared to be a regular online ad. Their methods are quite ingenious in this case:

  • Hackers actually pay for these malicious ads, or “malvertisements,” to appear in random patterns that are more difficult to spot and defend against.
  • They also look for smaller websites where it’s easier to slip an ad undetected directly onto a less secure page.

Right now major search engines like Google cut down on the number of “tainted pages” that will appear on your searches through the use of web crawlers. These programs index millions of web pages continuously and “blacklist” suspicious pages from coming up in search results.

However, you should always be cautious before clicking on that ever-so-enticing sales pitch on the side of your trusted web page. The site might be safe, but not all of the clickable links on it are guaranteed to be as secure.

Keep on the lookout for bad ads with these tips from McAfee:

  • Perform web searches on trusted search engines such as Google, Yahoo or Bing to ensure higher safety measures in your search results and safe search tools such as McAfee SiteAdvisor® to help you steer clear of danger zones.
  • Double check the URL of any page you are visiting, especially when led there by an untrusted ad.
  • Be wary of clicking on any ad that promises free product or prizes for almost no effort on your part.
  • Keep your browser and operating system up to date with any updates and security patches.
  • Shield yourself before searching the web with comprehensive security software like McAfee LiveSafe™ service, that protect all your devices, your identity and your data.

Stay ahead of what’s out there! For regular updates on consumer security threats and web search safety, be sure to follow us on Twitter @McAfeeConsumer and Facebook.

 

One comment on “Stop Malvertisements from Causing a Click-tastrophe on Your Computer

  • A malicious advertisement is a snippet of web code that is written by the advertiser, yet is shown on a web page created by somebody else. It is not required to "click" the advertisement in order for web vulnerabilities to be triggered, as it has been observed in many cases that the presence of the malvertisement itself can attack a viewer.

    A simple example comes to mind: remember the JPEG decoding vulnerability affecting some browsers? An exploiting banner ad would only need to have its image served to attack a viewer.

    McAfee offers protection against images and iframes used in malvertisements, where the advertisers hosting the malicious content are known to our Global Threat Intelligence. Customers are encouraged to install SiteAdvisor (free at http://www.siteadvisor.com), which protects against these threats.

    Reply

Leave a Comment

16 + 6 =