Malvertising (the word is a contraction of “malicious advertising”) and means to use online advertising to spread malware which is computer viruses and programmes that take over your PC or steal identity information etc.
Malvertising is carried out by inserting malicious adverts into legitimate advertising networks and the ads can end up on highly reputable websites. Malvertising is “attractive to attackers because they ‘can be easily spread across a large number of legitimate websites.
Malvertising is hard to combat because it can work its way into a webpage and spread through a system unknowingly: It is able to expose millions of users to malware, even the most cautious, and is growing rapidly:
In 2012, it was estimated nearly 10 billion ad impressions were compromised by malvertising and things are not really getting much better.
Malvertising often involves the exploitation of trustworthy companies. Those attempting to spread malware place “clean” advertisements on trustworthy sites first in order to gain a good reputation, then they later insert a virus or spyware in the code behind the ad, and after a mass virus infection is produced, they remove the virus, thus infecting all visitors of the site during that time period. The identities of those responsible are often hard to trace, making it hard to prevent the attacks or stop them altogether, because the ad network infrastructure is very complex with many linked connections between ads and click-through destinations.
In 2015, there were Malvertising attacks against, eBay, answers.com, talktalk.co.uk and many others. It involved breaches of ad networks, including DoubleClick. Even the New York Times and the London Stock Exchange were affected.
This is difficult for the end user to combat as it depends very much on the security at the advertising networks.
Don’t automatically trust adverts on respected websites as they may not realise what’s being advertised.
Yes they can. A malicious piece of software called ransomware can be unintentionally installed on your computer and hold you to ransom for access to your own files.
You may have clicked on a seemingly innocent email or website and the ransomware has downloaded to your computer. Then a screen appears with a message such as
“All of the files on this computer have been encrypted. You have 24 hours to submit payment to receive the encryption key, otherwise your files will be permanently destroyed.”
You can choose to pay, in the hope of getting access to your files but there is no guarantee. You can choose to ignore the threat or you can go to an IT expert for assessment. Sometimes the message on screen is more threatening, such as
It may display what looks like an FBI page warning that you have committed an illegal act and must pay a fine or it may appear to a UK Police Force or some other authority. It is all fake of course as the FBI and other authorities do not practice blackmail.
To protect your computers against ransomware, make sure you have up to date anti-virus installed, take regular backups of all important documents and consider installing anti malware software.
Across the globe in 2014, there were 8.8 million ransomware attacks reported and this crime is rising rapidly.