What “Malvertising” Is, How It Affects You and How to Stop It

When browsing the Internet, it can be annoying to be harassed by advertisements, from autoplaying videos to pop-ups that cover the website’s content. Unfortunately, that’s not the worst thing adverts can do: they can also distribute malware. This is the case with “malvertising,” a nasty way of getting malicious software onto computers.

What Is Malvertising?

Simply put, malvertising is a way of “lacing” a genuine-looking advertisement with malicious code. This can be code that talks to a malicious server and downloads malware to the victim’s PC, or code that redirects the user to an infected website. Equifax was itself hit by a malvertising attack, which redirected people’s browsers to a fake Flash installation page loaded with malware.

Regardless of the way the attack plays out, all malvertising attacks have one goal: to strike at computers via advertising.

Why Adverts?


It may seem strange for someone to want to make a malicious advertisement. Why, of all ways, would someone choose an advert to spread malware?

The effectiveness of malvertising becomes evident when you consider how widespread advertising can be. If a malicious advert is successfully placed on a popular site, it may see thousands, if not tens of thousands, of hits a day. With each hit comes the potential for the attack to go through and infect the computer with the malware.

How Does This Happen?

Of course, malvertising has to be covert in order to be effective. Adverts are usually distributed through advertisement channels, and if any malicious content is found within these channels, it’s immediately taken out. However, if the advertising service isn’t stalwart in weeding out malicious adverts, especially ones that change into malicious ads over time, malvertisements can sneak past the security and display themselves to users.

Unfortunately, advertisement revenue is a big part of how some websites stay online. As such, they may look for advertisement channels that offer them the best income for the advertisement clicks. Should the advertisement service not be 100% reliable in catching malvertisements, it can end up hurting the website owner when their site becomes a hotspot for distributing malware.

Of course, as a malware distributor, you don’t have to worry about advertising channels if you don’t go through them at all. As per the Equifax example above, a security breach can give a hacker access to the layout of a legitimate site. Once in, a distributor can set up malvertisements to show on the site, so that people visiting will be bombarded by them.

In short, malvertisements usually crop up when a security breach has been successfully carried out. This could be smuggling a malicious advert past a service’s checks or hacking the website directly and adding the adverts that way.

How Can I Avoid It?

Advertisements help free web services grow and develop. As such, they’re everywhere we go, from giants such as YouTube to small blogs trying to earn extra revenue. This makes the case of tackling malvertisements quite tricky. They can be a great source of revenue for sites, but as soon as a “bad egg” enters the mix, it can damage the trust of its users. However, there’s no need to worry; there are plenty of things you can do to prevent an attack.

Visit Trustworthy Sites

If you visit the websites of very popular companies, it should reduce your risk of a malvertising attack. It’s not 100% foolproof, however; big sites such as MSN and Yahoo have been hit by malvertisements before. Still, the risk of malvertisements grows as you move towards shadier sites or ones with lax security. Try to stay on the safer side of the Internet to minimise your chances of being attacked.

Use an Ad Blocker (Sparingly!)


Of course, malicious adverts can’t affect your system if they’re blocked before they’re shown. As such, an ad blocker can help stop malvertisements from getting into your system. If you take this route, however, be careful with how you use it. A lot of genuine sites with good advertising services depend on your support to keep the lights on. Make sure to disable the ad blocker when visiting a trustworthy site so you can support the webmaster.
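To make the “blocked before they’re shown” idea concrete, here is an added example (not from the original article) of the per-request decision an ad blocker makes, including the exception for sites you have chosen to support. The blocklist, trusted-site list and hostnames are constructed for illustration, and failing closed on an unparseable URL is an assumption of this sketch.

```javascript
// Constructed sample lists (.example and .test are reserved, non-real domains).
const AD_HOST_BLOCKLIST = ["adnet.example", "tracker.test"]; // assumed filter list
const TRUSTED_SITES = ["news.example"]; // sites the user wants to support

// True when host equals domain or is a subdomain of it. Matching on the
// label boundary means "badadnet.example" does NOT match "adnet.example".
function hostMatches(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Extract the lowercase hostname, or null if the URL cannot be parsed.
function hostnameOf(url) {
  try {
    return new URL(url).hostname.toLowerCase();
  } catch {
    return null;
  }
}

// Decide what to do with a sub-resource request made by a page.
// Returns "block", "allow", or "allow-trusted-site".
function decideRequest(pageUrl, requestUrl) {
  const pageHost = hostnameOf(pageUrl);
  const reqHost = hostnameOf(requestUrl);
  // Assumption: anything we cannot parse is refused rather than loaded.
  if (pageHost === null || reqHost === null) return "block";

  const isAdHost = AD_HOST_BLOCKLIST.some((d) => hostMatches(reqHost, d));
  if (!isAdHost) return "allow"; // ordinary content, nothing to filter

  // The request goes to an ad host: let it through only on trusted sites.
  const trusted = TRUSTED_SITES.some((d) => hostMatches(pageHost, d));
  return trusted ? "allow-trusted-site" : "block";
}
```

Because the decision is made on the request itself, a blocked advert is never fetched, so any code it carries never reaches the browser.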

Keep Plugins Updated (Or Out of Sight)

If you use plugins such as Flash or Java, make sure you keep these updated with the latest security patches. Even better, if you don’t use them, disable them entirely or force them to ask for permission every time they want to run. This closes off flaws that malvertisements can use to get into your system.

Keep Your Browsers Updated


Of course, you can also do the same for your browser. Malvertisements can work their way onto your computer via security flaws in your browser. If you’re using a good browser, these exploits will be patched as they’re discovered. Make sure that it has all the latest updates and security fixes to give malicious adverts a harder time infecting your system.

Awful Ads

While the idea of malvertising can be terrifying, you can keep on top of it if you’re careful. Now you know what malvertising is, how it works, and how to beat it.

Have you heard of or witnessed any malvertising attacks yourself? Let us know below!

Simon Batt

Simon Batt is a Computer Science graduate with a passion for cybersecurity.
