InfoSec Blog - Protect Yourself from Malvertising

January 4, 2016

One of the goals of the InfoSec team is to raise awareness on campus of new and emerging threats online. In this blog post we look at Malvertising – what it is and how you can protect yourself and your data.

What is Malvertising?

Malvertising is short for ‘malware in advertising’ and is a platform for spreading malware online using embedded ads in legitimate online advertising networks and websites. Malvertising typically infects a computer in one of two ways. The first is by tricking the user into clicking a malicious ad on a website or pop-up message. The second way, which is being seen more and more, does not require the user to click on anything, but instead the system becomes infected simply by loading the web page. This is called a ‘drive-by download’ and because this happens in the background, typically the user won’t even realize it is happening.

That may sound scary, but there are some simple and effective ways that you can defend against malvertising.

Tips to Protect Yourself and Your Data

  1. Disable or uninstall browser plug-ins that you don’t use, including Adobe Flash and Java.
  2. Adobe Flash and Java are the most commonly exploited browser plugins, so always keep them updated to the latest version. Better yet, configure them auto-update.
  3. Keep your web browser and all browser plugins updated. Again, use auto-update if it is available.
  4. Ensure your anti-virus software is updated and has the latest definitions.
  5. Consider using ad-blocker software or plugin with your browser. For example, NoScript for Firefox lets you choose which Web domains run scripts and applets in your browser. Google Chrome has an advanced setting which helps detect and protect against phishing and malware.
  6. While legitimate websites have been used for malvertising, it is still advisable to limit browsing to the well-known and reputable sites. Avoid high-risk sites, such as online gaming/gambling, pornography, and peer-to-peer/BitTorrent sites

 

Written by: Stephen Willem (Manager, CCS Information Security)

Image Source: Freepik