Online ads can tell you about products you might be interested in, alert you to breaking news, remind you of items you’ve left in your shopping cart … and infect your computer with malicious software, or malware, that can be used to steal your personal and financial data.
The latter, darker side of online advertising is called malvertising, a mashup of “malicious” and “advertising.” Malvertising has been around for about a decade, and it’s a particularly difficult form of cyber attack to prevent or even identify. It’s also growing in popularity, with more than twice as many attacks expected on top websites this year compared to 2014.
Here’s how malvertising works: Websites make money by allowing online ads to appear on their pages. The advertising is typically provided through third-party ad networks, not all of which have strict criteria for advertisers. There’s also little time to enact controls since advertisers bid in real time to have their ads appear automatically on popular websites.
It’s little surprise, then, that some of the ads provided through the networks—ads that appear to be typical product promotions or breaking-news announcements—may be malvertising. These fake ads contain malicious objects or code that can slide past firewalls to infect PCs and other devices.
So you’re thinking that you’ll simply avoid clicking on any ads from now on, right? Alas, that won’t necessarily save you since some forms of malvertising can spread onto your device without need for a single clicking.
Fortunately, there are a few other steps you can take to at least reduce the chances that your device will become infected. First, enable “click-to-play” plug-ins so that your web browser won’t load content automatically—which is what most malvertising depends on.
Another essential housecleaning task is to keep your software up to date, including everything from your web browser to apps to Adobe Reader. The latest versions have the most up-to-date defenses against malvertising and other forms of
Third, download anti-virus and ad blocking software to protect against threats including malvertising. Look for software that will also remove any malicious software that is currently on your system.
There are other steps you can take too, but the broader point is that it’s important to recognize that online activity comes with very real risks. Just as we wouldn’t drive off in a car without putting on a seatbelt, we shouldn’t go online without taking at least some basic measures to protect ourselves from threats like malvertising.
Here’s an example of what’s said about the need to keep your software updated: Vendors like Microsoft and Apple periodically release hotfixes, service packs and security patches to correct known defects in their operating systems. Many threats function by exploiting known vulnerabilities for which patches are available. Computers with all manufacturer patches applied are invulnerable to these threats.