written by Chris Griesemer

What is malvertising? Malicious advertising creatively utilizing online advertisements to spread malicious code that may infect a computer. Both Weather.com and Yahoo.com have been victims of malvertising.

Malvertising Techniques
Drive-by malvertising occurs when malware payload is delivered to a user who simply visits a website. The malvertising is so sophisticated it can even detect if the user has an anti-malware software that might expose the attack.

Redirects are advertisements that fool the user into going to a fake page. Normally, this type of attack requires interaction from user to allow the malware to be installed onto a system.

Fake Viruses and Fake Updates could be a pop-up explaining your system is corrupt and the only way to fix it is to download their software. Adobe Flash and Java Runtime updates are the most common types of these attacks.

How to Safeguard

  1. Keep computers patched.
  2. Take the job of updating a computer out of the hands of your users. If patch management is handled at a central location through some software like GFI Languard, users can be told that they never have to update their machines which will help on clicking on fake update messages.
  3. Use browsers like Chrome and Firefox that require permission to use Flash or Java on a page.
  4. Install ad blockers to stop ads from being displayed on your screen.
  5. Web filtering allows a company to determine what websites users can go to.
  6. Provide education to keep users informed and up to date about new threats.

For more information or if you have any questions, please contact Chris Griesemer at The Whitlock Company 417-881-0145.