Ads on the web have become essential tools for companies to promote their products, and for people to learn about bargains. But they’ve also caught the attention of cybercriminals who increasingly use them as virus and spyware-spreading channels. Their goal? Damage your data, steal your personal details or even control your computer remotely. This is when useful ads go malicious and harmful, and are referred to by specialists as “malvertisements”.
There are two common methods used by cybercriminals to spread viruses and other malware through ads on the Internet:
One entails criminals acting as trustworthy companies. They place a series of “clean” ads on trusted sites that host third-party ads, and leave them running for some time to gain a “good reputation”. Then, they attack – they insert a virus or spyware in the code behind the ad, and after a mass virus infection is produced, they remove the virus. In this case, because the ad network infrastructure is very complex with many linked connections between ads and click-through destinations, the criminals’ identity can hardly be traced.
Another common way for criminals to turn legitimate ads into malicious ads is by hacking trusted sites and injecting viruses into banner ads. Examples of trustworthy sites that have been hacked and used by cybercriminals to insert viruses in the ads are The London Stock Exchange and The New York Times. Usually, the next day – after the harm’s been done – they’re gone. These types of malvertisements can take the form of Google ads, pop-ups, antivirus notifications or even software upgrades.
What can I do to avoid virus infections contracted from malvertising?
Know the exact type of the file! This is one of the most efficient and yet simple solutions: set your Windows to show the complete file name. This way you will be able to avoid most of the infections masked as ads, pictures or email attachments. For example, if you receive a picture which is named Cute_Kitten but the complete file name is Cute_kitten.exe, that's not a picture for sure. To enable this option, go to Control Panel ->Folder Options ->View ->uncheck the "hide extensions for known file types" box, then click "Apply" and "OK" buttons.
Don’t be too trusting! If, say, a random pop-up appears on your screen saying you’re the one hundredth visitor and you won something huge (free), chances are that’s a malicious ad, and the only thing you can win by clicking it is a virus. Also, do not trust pop-up online surveys. Long story short, avoid such ads.
Update, update, update! Out-dated software on your computer (browsers and other applications installed on your PC) makes you more vulnerable to hackers and viruses. And due to the fast evolution of malvertising methods, it’s always best to have a vulnerability scanner to check your system for out-of-date software and update it.
Be extra careful during weekends! Malvertising campaigns are usually triggered over weekends, when IT resources are low and attacks are less likely to be noticed. Make sure you have effective antivirus protection that includes “safe browsing” functionality, so that with each site you visit, you’re notified whether it’s safe to access it or not. BullGuard Antivirus contains a feature like that.
Prevent, rather than cure! While you can’t always figure out which ads are, in fact, malvertisements, you can lower the chances of getting infected by installing comprehensive internet security software. BullGuard Internet Security 12 is, in this respect, a great solution to all internet security problems – including malicious ads that run amok –, as it comes with the broadest selection of internet security features on the market and 24/7 free support .