Advertisements that look legitimate but contain malicious code intended to infect systems are known as Malvertisements. Cyber-criminals use Malvertisements to spread their malware to a larger audience of users by submitting malicious ads to online advertisement networks. The ad networks are usually not aware of the cyber-criminals' intent and approve the non-malicious ads that the criminals initially submit. Once the ad is approved, the cyber-criminals switch out the legitimate ad for the malicious one, right under the noses of the ad networks.
The networks fail to check modifications made to the advertisements and therefore allow the Malvertisements to be shown on their customers’ webpages. The ad networks also quickly cycle through different advertisements with each view of the customer webpage. The dynamic scrolling of ads makes it difficult not only to flag the existence of a Malvertisement circulating on a network but also to identify which advertisement is the culprit!
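The gap described above, where an ad is reviewed once and swapped afterwards, can be closed by comparing every version about to be served against the version that was reviewed. The sketch below is an added example, not code from any ad network; the `CreativeRegistry` class, the ad IDs and the `.example` hosts are hypothetical.

```python
import hashlib
import re
from urllib.parse import urlparse

# Attributes through which a creative can load or navigate to external content.
URL_ATTR = re.compile(r"""\b(?:src|href|action)\s*=\s*["']([^"']+)["']""", re.I)

def external_hosts(html):
    """Hosts referenced by absolute or protocol-relative URLs in the creative."""
    hosts = (urlparse(u.strip()).hostname for u in URL_ATTR.findall(html))
    return {h for h in hosts if h}

def fingerprint(html):
    digest = hashlib.sha256(html.encode("utf-8")).hexdigest()
    return {"sha256": digest, "hosts": external_hosts(html)}

class CreativeRegistry:
    """Remembers what was reviewed so every later version can be compared to it."""
    def __init__(self):
        self._approved = {}

    def approve(self, ad_id, html):
        self._approved[ad_id] = fingerprint(html)

    def check_before_serving(self, ad_id, html):
        """Return (ok, reasons); anything that differs from the review is held."""
        approved = self._approved.get(ad_id)
        if approved is None:
            return False, ["creative was never reviewed"]
        current = fingerprint(html)
        if current["sha256"] == approved["sha256"]:
            return True, []
        reasons = ["content changed since approval"]
        new_hosts = sorted(current["hosts"] - approved["hosts"])
        if new_hosts:
            reasons.append("new external hosts: " + ", ".join(new_hosts))
        return False, reasons

# Constructed sample creatives (not real ads; .example hosts are placeholders).
REVIEWED = '<a href="https://shop.example/sale"><img src="https://cdn.shop.example/banner.png"></a>'
SWAPPED = REVIEWED + '<script src="//tracker.other.example/a.js"></script>'

registry = CreativeRegistry()
registry.approve("ad-1001", REVIEWED)

if __name__ == "__main__":
    print(registry.check_before_serving("ad-1001", REVIEWED))
    print(registry.check_before_serving("ad-1001", SWAPPED))
```

A held creative goes back to review instead of into rotation, and the reported host difference tells the reviewer what changed.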
Here are a few examples of Malvertisements in action:
July 2010: TweetMeme.com
- Malicious advertisements targeted site visitors after a rogue advertiser spread a malicious advert through y5-media.com. As a result, users were redirected to drive-by attack sites that installed fake antivirus malware.
April 2010: Facebook Farm Town Game
- An advertisement served on a popular Facebook game was delivering Rogue AV software, claiming that the user’s system had been infected with malware and that their product could help.
May 2012: Malvertisements found on Blogger Website
- The advertising network Clicksor was found serving malicious advertisements to users of a Blogger website, leading to the BlackHole Exploit Kit.
As you can see, Malvertising happens all the time; and while the effort from the community to fight these attacks has advanced greatly over the last few years, the threat is far from gone.
Using a product like Malwarebytes Anti-Malware can help with these types of infections.