43 Malvertising

Malicious adverts commonly known as malvertising is a problem facing every computer user whether on a laptop. desktop computer or mobile device, as advertising is core to keeping vast amounts of the internet and the associated services we use free. The problem has evolved from adverts that could only affect you if you clicked on them to being potentially affected just by the fact that they have been displayed on your computer or device. This is commonly achieved through embedded scripts that open hidden webpages that you cannot see, connecting you to malicious websites hosting automated exploit kits when the advert is displayed.

The criminals use a variety of techniques to display their adverts within legitimate online advertising networks and to the end users, these adverts look just like any other advert. It is a very effective way of infecting lots of people without them being aware, which is why the problem has been around for so long. Even if they cannot automatically infect you, the embedded scripting in the malicious advert can identify what type of operating system and web browser you are using and try to mimic built-in system alerts and dialog boxes to try to phish you for account credentials. If you are unexpectedly presented with a request to enter your username and password, for no apparent reason while browsing the internet, err on the side of caution and close the browser.

If you do happen to unwittingly click on a malicious advert, it can take you to a fake product website, a phishing website, try to infect you via an exploit kit or fake download, or on a mobile device take you to a premium website that will be charged against your account if you click on some type of ‘proceed’ or ‘accept’ button using the Payforit mobile payment system. Unfortunately to protect yourself from malvertising there is no simple answer, but instead a combination of good internet security hygiene from all the previous chapters will greatly help. 

These range from:

1. Paying for a premium antivirus solution
2. Apply updates and security patches for your device or computer operating system 
3. Use a modern web browser and update it regularly
4. Disable unused or unnecessary plug-ins from your web browsers
5. Use a DNS filter like Quad9.net
6. Use a Virtual Private Network (VPN) especially on a mobile device
7. Use an ad blocker, though these can also break lots of legitimate websites.

If you suspect your computer may have been compromised by a malicious advert, see Chapter 30 - Removing A Virus.

Index or next chapter Unsupported Software