Malvertising and adware tend to get bundled into the same definition, and while having a similar delivery platform, they have different agendas and different attack profiles.
Both rely on online advertising to do their damage, but a big difference is that malvertising attacks tend to come from ads on legitimate websites. On the other hand Adware, is malicious software that is already on your computer, software that the bad actors tricked you into installing when you were downloading something else – typically freeware.
How does Malvertising work?
Redirection – When you click on a malware ad you are typically redirected to spoof sites that look legitimate but are actually set up for phishing attacks (attacks where bad actors try to trick you into giving up personal information such as your Social Security number, credit card numbers or bank account credentials). These spoof sites look like legitimate sites, typically mimicking the webpages of banks, credit unions, or credit card providers.
Malware – this type of malvertising is proactive and can quickly infect your computer. This type of malware populates legitimate sites — ones that you may visit every day — but they now contain infected banner or box ads. If you on these ads, spyware, viruses, trojans or other types of malware may be installed on your computer without you even knowing.
This type of malicious software can be especially dangerous because it often operates in the background, stealing your personal and financial information, tracking your keystrokes and monitoring your email messages without you ever noticing.
You don’t even have to click – you might think you’re safe from malvertising because you never click on online ads, including pop-ups. But here’s the scary part: even if you don’t click, you’re not safe from malvertising. That’s because there is a type of malware known as drive-by downloads which can infect your device with spyware or malware as soon as an infected page starts loading. You don’t have to click anything to start the process – scary.
How to protect against Malvertising?
Invest in an antivirus/antimalware program
Like with all forms of malware, including malvertising, the best strategy is to use a high-quality antivirus/antimalware tool on your devices and make sure if is always up to date. Updates are designed to protect your device against specific forms of malware, including malvertising, which are constantly changing. If you fall behind on updates, you could leave your devices vulnerable.
Turn on click-to-play on all your browsers
Web browsers off a “click-to-play” option. By setting this option, any online content that requires plugins to work — such as Java, Adobe Reader, QuickTime or Flash — will be disabled unless you manually give your OK for the content to play.
If you want to help protect yourself from malvertising, be sure to enable the “click-to-play’ option in your browser’s settings. This setting will protect from drive-by download malvertising.
Install an ad blocker
Eliminating ads from appearing on your devices is one of the best methods to protect yourself from malvertising. You won’t accidentally click on a malicious online ad if that ad doesn’t appear on your device. That is the intent behind ad blockers. If you install one — some are free, others you pay for — it will clear webpages of ads, which could help protect you against malvertising in the process.
Just to be clear not all ad blockers stop all ads. And some websites might not run properly if an ad blocker is turned on. You can configure ad blockers to allow online ads from certain sites that you ok.
By entering your email address you agree to receive emails from EveryDayCyber. We'll respect your privacy and you can unsubscribe at any time.
What is a Password Manager?
A password manager is an encrypted storage system for keeping and managing passwords usually protected by a master password. Some password managers use biometric data to protect the vaults instead of master passwords. Still others support the use of two factor authentication for higher security.
What is Digital Identity?
A digital identity is a set of unique features and characteristics identifiable to an individual, organization or digital device used for transactions, interactions and representations online. It is essentially any personal data existing online that can be traced back to you.
What is 256 Bit Encryption?
256 bit encryption has quickly become the industry standard for ensuring security of your data, security of your communication and is really now minimum encryption level for securing your digital environment.
What is Social Engineering?
Social Engineering in the digital world is the intentional deception and manipulation of victims to cause the release and sharing of confidential information used to commit fraud and other cybercrimes.
What is a Potentially Unwanted Program (PUP)?
PUPs refer to programs, applications and other software downloaded onto computers or mobile devices that may have an adverse impact on user privacy or security. The term “potentially unwanted program” was coined by McAfee to distinguish the program from malware.
What is a DDoS (Distributed Denial of Service) attack?
DDoS attack or Distributed Denial of Service, is a coordinated attack intended to crash and make unavailable targeted websites and online systems by overwhelming them with data.