Hackers are notoriously clever at committing crimes. Of all the criminal archetypes, they seem to be the most creative; so creative that we were forced to invent yet another word to describe their latest scams. Malvertising – a new shorthand for malicious advertising – is something very different from the traditional methods hackers have historically used.
This article is contributed by Caroline Black from Secure Thoughts
Introduction
In the past, cybercriminals relied on a standard bag of tricks to infect their victims with malware or coerce them into surrendering their personal information. Malware usually ended up on someone’s device because they downloaded an infected file. This remains especially true for users trying to acquire files and programs for free that would otherwise cost money.
In other cases, fake websites were generated to trick us into entering account information, payment details and other personal data without suspecting a thing. Hackers could create a website nearly identical to Facebook, for example, with a similarly convincing web address, such as facebooke.com. If you weren’t paying much attention to the URL, you could easily mistake it as the real site.
Malvertising is different. Although similar in effect to creating fake ad banners to redirect users to malicious websites, malvertising is particularly devious because it doesn’t just take place on third party websites; familiar websites such as YouTube can also become hosts of malvertising.
While that doesn’t mean you should stop visiting YouTube or other trusted websites, it does mean some new tools may be required to deal with this new menace.
Adblock Plus
As malvertising relies heavily on the presence of ads to spread malicious links to targeted audiences, the most direct way to deal with the problem is simply to block ads from ever appearing. Adblock Plus is easily the best tool for the job—at least for now.
PCs can take special advantage of using Adblock Plus as a browser plugin to totally shut down the most annoying forms of ads on everything from popular websites to lesser known pages. Of course, that luxury comes with a few caveats. Certain websites, including Forbes, have begun blocking users from visiting their pages if they’re running Adblock.
That’s why Adblock includes a feature to whitelist trusted pages. Whitelisting a page allows ads to be shown normally. Adblock also has a subscription service that allows you to use someone else’s list to selectively block pages to save you the time of creating your own list.
Obviously, Adblock has some issues (allowing trusted pages may mean opening yourself up to malvertising again), but most of the time it can be very useful. Thankfully, Adblock isn’t alone in helping you fight the battle.
Security Software and Services
Although it might sound like common sense to advise the use of an anti-virus app on your devices, a surprising number of users do not bother. In some cases, that’s because they believe anti-virus programs cost too much money. If that is a problem, most anti-virus companies offer free versions of their software for non-commercial use.
Exemplary companies include Avast, AVG and Panda. All three offer their security services free of charge across different platforms while also offering premium services for more concerned users. For users concerned about more advanced infections from malvertising, the use of Malwarebytes Anti-malware is highly recommended.
Another effective tool for dealing with hackers is a well-regarded Virtual Private Network (VPN). VPNs protect their subscribers’ information by routing their traffic through an encrypted connection that keeps data safe and anonymous. The primary goal behind most hacking activity is currently theft, so making your data unreadable to hackers can be an excellent deterrent.
One other thing to note about using a VPN: when you’re connected to a remote server, your IP address changes to reflect that server’s physical location. That means that malvertising, which uses the same traditional tactics as advertising to illicit clicks, will be less effective because chances are your local interests are very different from those at the end of your VPN’s server. You will be much less easily fooled.
Being Cautious
The most unfortunate part about malvertising is that it really can be indistinguishable from regular advertisements. Plenty of legitimate websites and businesses use “clickbait” (enticing ads and phrases) to lure potential customers into clicking their ads. Messages that contain phraseslike “win a $50 gift card” and “Your PC may be at risk!” fool a certain number of people into visiting pages every day.
The difference is the intention behind malvertising is never good or even remotely beneficial. Your best bet at avoiding these pitfalls is to avoid interfacing with ads at all. Even if you can’t block them with Adblock or other similar software, you always have the option just not to click on them at all.
Obviously, mistakes happen—that’s one of the several reasons to always have security software—but caution needs to be the name of the game. Use your best judgment and when in doubt, take the safer route. Remember that anything that looks “too good to be true” often is.
Software developers are no doubt seeking solutions to put a stop to malvertising, but in the meantime, you’ll need to take the reins yourself. Don’t get caught off guard; stay vigilant and be safe.
What are you doing to protect yourself from malvertising? Is this your first time hearing about it? Share your thoughts in the comment section below.
About the Author: Caroline is an online security specialist and entertainment blogger. She often discusses new challenges faced by internet users as well as contributes to ongoing cultural discussions.
Image courtesy of Richard Burger
