Malvertisement the covert advert

1
Malvertisement The Covert Advert

• Malvertising
• Sounds like a mouthful, I know.
• But its a word-blend (postmanteau) between
  Malware and Advertising.
• To put it simply, the use of online
  advertisement to spread Malware

www.izoologic.com
2
Malvertisement The Covert Advert

• Malvertising is what occurs when online
  advertising is used to spread malwares.
• Malvertising is what ensues when attackers
  purchase ad spaces in famous or legitimate
  websites and inject them with ads that are loaded
  with viruses, spywares, malwares and all sorts of
  cyber waste out there youve never even heard of.

• Basically, any display advert that delivers a
  code-based threat to the visitors browsing
  session can be thought of as a malvertisement.

www.izoologic.com
3
Malvertisement
How Does It Work and Who Are Affected?

• I know, these attackers are quite sneaky and
  thats true. Thats how they operate.
• And they dont really care if the sites are big
  shots like Google, Yahoo, Spotify, Ebay or even
  Reuters.
• The more popular a website is, the more users
  they can infect. It provides them with a wider
  platform to push their attacks to unsuspecting
  web users who might not otherwise see the
  adverts, due to firewalls, more safety
  precautions or the like.

www.izoologic.com
4
Malvertisement The Covert Advert

• So what goes down, exactly?
• Attackers attach themselves on trusted,
  legitimate websites as bait.
• These attackers aim for clean and reputable
  websites specifically those with lots of frequent
  visitors (e.g. Youtube, Spotify, NY Times, Yahoo,
  AOL, NFL, etc.).
• Many websites, especially the large and popular
  ones with several thousands or millions of users
  per day, rely heavily on third-party vendors and
  software providers to display their adverts for
  them.

This, in turn, reduces direct oversight and the
amount of scrutiny that should that should take
place security-wise. This kind of data automation
makes online adverts vulnerable to malvertising.
www.izoologic.com
5

• Malvertisement The Covert Advert

The websites themselves arent infected, and the
advert publishers have no idea that they are
blasting malicious content into potentially
thousands and possibly millions of computers
until its too late.
Moreover, it has become quite a challenge for
cybersecurity experts to properly identify
exactly which adverts carry malicious contents
because the adverts on a certain page change
constantly. One user may get infected, but the
next five, who visits the exact same page wont
be.
www.izoologic.com
6
Malvertisement The Covert Advert
Im OK as long as I dont click those ads, right?
FACT PCs can be infected pre and post-click.
It is a very common notion that the actual
malware infection happens when visitors to the
infected site begin clicking on a
malvertisement. But thats not the case.
Instances of these pre-click malwares include
being incorporated in main scripts of the webpage
or what we call drive-by-downloads. These
malwares can be programmed to auto-run, , meaning
it can automatically take a user to a different
site entirely and that site could be potentially
malicious. Malwares can also be programmed to
execute in the delivery of an advert wherein a
clean advert that has no infection pre or post
click (in its original design) can still be
infected whilst being requested.
www.izoologic.com
7
Malvertisement The Covert Advert
Malvertising is a relatively fresh and perceptive
approach for spreading malware and is even harder
to prevent because it can work its way into a
legitimate webpage and spread through a system
unknowingly.
An interesting thing about these infections via
malverts is that it doesnt require any clicking
from the user to compromise the system and
doesnt expose any weaknesses on the website or
even the server it is hosted from. The
complexities of these infections are so diverse
and yet its delivery is as simple as injecting
through advertisement networks.
www.izoologic.com
8
Malvertisement The Covert Advert
Major companies and websites have had their share
of challenges in battling the growing number of
malvertising attacks, which hints that its not
going away anytime soon.
www.izoologic.com
9
OK. How Can We Fend Off These Attacks ?
Unfortunately, with this kind of attack vector,
its quite difficult to defend ourselves against
it head-on. But, there are a few things that we
can do to possibly protect ourselves, if not,
prevent these cyber-attacks from happening.
Disable / Turn Off Java In most cases, you
wont need Flash too. The less plugins you have
installed or enabled, the lesser potential entry
points youre leaving for malverts.
www.izoologic.com
10
OK. How Can We Fend Off These Attacks ?
Make sure your plugins are updated If you must
install plugins, make sure they are updated for
them to be effective. Developers regularly issues
updates to fix security gaps so make sure you
install them.
Make sure your browser is updated with the latest
version This is a no-brainer. Most
cyber-attacks are often introduced via browsers
due to security holes. It pays off to making sure
you have the latest security updates installed.
www.izoologic.com
11
OK. How Can We Fend Off These Attacks ?
Consider installing an Ad-blocker, Pop-up blocker
or Anti-malware program This is another
option to fight off those nasty pop-ups and other
malwares unknowingly creeping its way to your
system.
Get a decent Antivirus Software Your first
line of defense against viruses, malwares, and
other forms of cyber-attacks.
www.izoologic.com
12
Malvertisement The Covert Advert

• Its important to keep in mind that at the end of
  the day, no matter what kind of device you use,
  you just need to be aware and be mindful of the
  sites you visit, the apps or programs you
  install, and how it affects your privacy.
• Always make sure you are updated and
  well-informed with the latest trends and
  developments in Cyber Security here at
  iZOOlogic.com/blogs.

Vince Luna iZOOlabs Security Response
www.izoologic.com
13
Level 1, 444 Castro Street, Mountain View,
California, USA
1 650 396 3352
sales_at_izoologic.com
www.izoologic.com