Malvertising: What is it and how to avoid it
You can face plenty of online threats when you surf the web. And those threats don’t hide solely on malicious websites. You could accidentally infect your computer with malicious software even when visiting the most legitimate of sites if you’re not careful. The reason? Malvertising.
What is malvertising?
Malvertising is often confused with adware. That's because both attacks rely on online advertising to do their damage.
The big difference, though, is that malvertising attacks come from ads on legitimate websites. Some past malicious advertising campaigns targeted the websites of such major companies as the London Stock Exchange, MSN, and Yahoo.
Adware, on the other hand, is malicious software that is already on your computer, software that you were probably tricked into installing when you were downloading something else.
How does malvertising work?
You can fall victim to malware by either clicking on an infected ad or even just by visiting a website that is home to a corrupted ad. This second type of malware attack, known as drive-by downloads, is especially troubling. An infected ad only has to finish loading before it will harm your computer.
Cybercriminals can launch malvertising attacks by buying ad space from advertising networks and then submitting infected images with malicious code. Their hope is that legitimate sites will run these ads and that you will either click on them, believing them to be legitimate ads, or let them load and infect your computer that way, before the malicious ads are discovered and removed.
What are the risks of malvertising?
Malvertising campaigns and malicious ads can pose risks to your personal information. Here are the most worrisome risks:
Hackers might nab your financial information
Some malvertising is designed to trick you into giving up your personal information, especially your financial information. If hackers gain access to your bank account numbers or banking passwords, they could drain your accounts before you notice.
Thieves might run up your credit card debt
If hackers manage to steal your credit card information, they might use your cards to make purchases for themselves. You can dispute these charges, but you first have to notice them, and if you don’t check your credit card bills regularly, you might end up accidently paying for purchases you haven’t actually made.
Your computer might get infected
Malvertising can also install viruses and other malicious software on your computer. You might not even know that this malware is there. But hackers might use it to track your keystrokes, steal your passwords or take over your computer.
Examples of malvertising
Malvertising comes in all shapes and sizes but all forms can pose risks to your sensitive information. Here are some common malvertising examples.
Clicking on a malware ad will often redirect you to spoof sites that look legitimate but are actually set up for phishing attacks, in which criminals try to trick you into surrendering personal information such as your Social Security number, credit card numbers or bank account credentials. These sites are designed to look like legitimate sites, whether they are mimicking the webpages of banks, credit unions, or credit card providers.
The other main type of malvertising is more proactive and can quickly infect your computer. This version of malware populates legitimate sites — ones that you might visit every day — with infected banner or box ads. Clicking on such an ad could install spyware, viruses, trojans or other types of malware on your computer.
This type of malicious software can be especially dangerous because it often operates in the background, stealing your personal and financial information, tracking your keystrokes and monitoring your email messages without you ever noticing.
Sometimes you don’t have to click
You might think you’re safe from malvertising because you never click on online ads, including pop-ups. But here’s the scary part: Even if you vow to never click an ad, you’re not completely safe from malvertising.
That’s because the version of malware known as drive-by downloads can start infecting your computer with spyware or malware as soon as an infected page starts loading. You don’t have to click anything to start the process.
3 Ways to avoid malvertising
Avoiding malvertising takes vigilance, but it’s possible to defend against it. Here’s how:
Invest in an antivirus program
The best way to protect yourself against malvertising is to install and run a reputable antivirus program on your computer. And once you install antivirus software, make sure to promptly approve any updates.
Often, these updates are designed to protect your device against specific forms of malware, including malvertising. If you fall behind on updates, you could leave your computer vulnerable.
Turn on click-to-play for your browsers
All browsers allow you to select the "click-to-play" option. By selecting this, all online content that requires plugins to play — such as Java, Adobe Reader, QuickTime or Flash — will be disabled unless you manually give your OK for the content to play.
If you want to help protect yourself from malvertising, be sure to enable the “click-to-play’ selection in your browser's settings. This will protect you from drive-by download malvertising. How you access this option depends on your individual browser.
Install an ad blocker
You won’t accidentally click on a malicious online ad if that ad doesn’t show up on your screen. That’s the theory behind ad blockers. If you install one — some cost money, others are free — it will clear webpages of ads, which could help protect you against malvertising in the process.
Be aware, though, that not all ad blockers stop all ads. And some websites might not run properly if an ad blocker is turned on. Fortunately , you can tell ad blockers to allow online ads from certain sites.
Help take back control of your online privacy.
With the Norton Privacy Manager app, it’s easy to be smart and secure about what information you share online.
Editorial note: Our articles provide educational information for you. Norton LifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.
Norton by Symantec is now Norton LifeLock. LifeLock™ identity theft protection is not available in all countries.
Copyright © 2019 Symantec Corporation. All rights reserved. Symantec, the Symantec logo, the Checkmark logo, Norton, Norton by Symantec, LifeLock and the LockMan logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the United States and other countries. App Store is a service mark of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution Licence. Other names may be trademarks of their respective owners.