Malvertising Definition: What Is Malvertising?
Malvertising refers to malicious advertising that is used to inject malware into users' computers when they visit a website or click on an ad on the internet. Malvertising may also direct a user to a corrupted website where their data can be stolen or malware can be downloaded onto their computer.
How Does Malvertising Work?
Malvertisements are spread through the internet, appearing on both illegitimate and legitimate websites.
In many cases, the advertiser may not be able to tell the advertisement is malicious, so they run it, thinking it is harmless. After the advertiser agrees to run the ad, it gets sent via a server to otherwise harmless websites. After a user clicks on the malvertisement, code starts running in the background and can download malware onto the user's computer. This is referred to as a drive-by download.
In some cases, the user does not even need to click on the advertisement for the drive-by download to be successful. As long as they load the webpage, the malware can be downloaded. If someone clicks on the malvertisement, however, they may get sent to a different webpage that is designed to exploit vulnerabilities in their browser.
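The sequence described above (legitimate page, ad server, redirect, download) leaves a trail a defender can look for in web proxy logs. The following is an added example, not part of the original article; the ad host, URLs, log layout, and content types are constructed for illustration.

```python
from urllib.parse import urlparse

# Constructed values: a hypothetical ad-serving host and executable content types.
AD_HOSTS = {"ads.adnetwork.example"}
EXECUTABLE_TYPES = {"application/x-msdownload", "application/octet-stream",
                    "application/vnd.microsoft.portable-executable"}

# Constructed proxy log records: (client, url, referer, content_type)
SAMPLE_LOG = [
    ("10.0.0.5", "https://news.example/story", "", "text/html"),
    ("10.0.0.5", "https://ads.adnetwork.example/slot?id=7", "https://news.example/story", "text/html"),
    ("10.0.0.5", "https://landing.example/go", "https://ads.adnetwork.example/slot?id=7", "text/html"),
    ("10.0.0.5", "https://cdn.landing.example/update.exe", "https://landing.example/go", "application/x-msdownload"),
    ("10.0.0.9", "https://vendor.example/downloads", "", "text/html"),
    ("10.0.0.9", "https://vendor.example/setup.exe", "https://vendor.example/downloads", "application/x-msdownload"),
]

def host(url):
    return (urlparse(url).hostname or "").lower()

def referer_chain(records, client, url, max_hops=10):
    """Follow Referer values backwards from url for one client (newest first)."""
    by_url = {r[1]: r for r in records if r[0] == client}
    chain, seen = [], set()
    while url and url in by_url and url not in seen and len(chain) < max_hops:
        seen.add(url)
        chain.append(url)
        url = by_url[url][2]  # step back to the page that referred this request
    return chain

def find_ad_driven_downloads(records, ad_hosts=AD_HOSTS):
    """Flag executable downloads whose referer chain passes through an ad host."""
    findings = []
    for client, url, _referer, ctype in records:
        if ctype.split(";")[0].strip().lower() not in EXECUTABLE_TYPES:
            continue
        chain = referer_chain(records, client, url)
        ad_hops = [u for u in chain[1:] if host(u) in ad_hosts]
        if ad_hops:
            findings.append({"client": client, "download": url,
                             "ad_hop": ad_hops[0], "chain": list(reversed(chain))})
    return findings

if __name__ == "__main__":
    for f in find_ad_driven_downloads(SAMPLE_LOG):
        print(f["client"], "downloaded", f["download"], "via", " -> ".join(f["chain"]))
```

Referer values can be missing from real traffic, so a chain that stops early is a gap in visibility rather than evidence that a download was unrelated to an ad.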
How To Identify Malvertisements
Malvertisements have a few distinct traits that can make them easy to spot if you know what to look for, including:
- Ads that look sloppy or unprofessional
- Ads with spelling mistakes
- Ads that have unrealistic promises, such as amazing cures
- Ads talking about celebrity scandals
- Any ad that advertises something that is too good to be true
- Ads that do not seem to align with your recent search activity
What Are the Risks of Malvertising?
Malvertising comes with considerable risks that can threaten your computer, network, or mobile device.
Inoperable Computers and System Networks
Because malvertising can result in malware being downloaded onto your computer or into your network, one of the primary threats it presents is a complete or partial breakdown of your computer. Malware of any type, including ransomware, adware, bots, and other malicious software, can be downloaded onto your computer by a malvertisement without you knowing.
Once the malware is on your computer, it can infect your system on its own, rendering it inoperable, or set the stage for a hacker to penetrate your system later on. The attacker can then inject malicious code into your computer that renders it inoperable.
Malware can attack your computer by overburdening the processors or taking up all its random access memory (RAM). This can cause your computer to overheat and result in the failure of hardware components connected to the motherboard. Also, it is possible for some hardware components, such as your computer’s camera, to be hacked by malware that gets introduced by a malvertisement.
Data Loss and Data Theft
Malware from malvertisements can be programmed to steal your data. It can also leave backdoors open for thieves to come in and steal your data or that of your customers and clients at a later date.
Malvertisements can also install spyware onto your system, which can spy on your activity, including how you enter your login credentials on websites. Spyware of this kind is called a keylogger, and if one is running on your system, it can record your login info for everything, from your email to your bank account. It can then send that information to a hacker who can either sell it or try to exploit it themselves.
Malvertising vs. Ad Malware
Malvertising and ad malware, while somewhat similar, are different. Malvertising occurs as a result of criminals using malicious ads within an advertising network. The ads then appear on a website and impact victims who visit.
Ad malware is different in that it gets installed on a user’s computer and inundates the machine with unwanted advertisements. Malvertisements can be a vehicle for getting malicious adware installed on someone’s computer, however.
How To Prevent Malvertising
You can prevent malvertising using several different methods, from installing software to adjusting your settings to simply avoiding advertisements altogether.
Install an Ad Blocker
If you install an ad blocker, ads will not pop up on your screen, including malvertisements. This way, when you go to a webpage with malvertisements on it, you will only see the webpage’s content and not the fake ads hackers have worked into the advertising network.
Turn On Click-to-play for Your Browsers
Your browser has a click-to-play option, so any content that needs a plugin to play is disabled unless you specifically choose to click on it. With click-to-play enabled, you can be protected from malvertisements that automatically run when plugin content loads on a page.
Use All-around Antivirus Software
Antivirus software can be a powerful deterrent against malvertisements because it is designed to stop particular kinds of malware, including those delivered through malvertising. The key is to keep your antivirus software updated. If a new type of malvertising gets introduced to the internet, you want to ensure your antivirus can identify it and protect your system.
Identify Ads That Seem Illegitimate
If you see an ad that looks as if someone just haphazardly threw it together, it could be malvertising. Malvertisers may not put the time and effort into designing a polished, professional-looking ad in the same way a professional ad company would.
You should also check for spelling errors. Malvertisement designers who hail from other countries may target people in your language but make obvious errors. If you see spelling errors in an advertisement, do not click on it.
Any ad that contains promises that seem unrealistic may be clickbait tempting you to click on a malvertisement. Do not click on ads like this even out of curiosity. You should also keep in mind that if you do click on one, you may not even notice that malware has been downloaded, so even if nothing happens after you click, your computer can still be compromised.
You can also choose to never click on any ads that show up on your computer. In this way, any malvertisements that require a click to be activated will not be able to penetrate your system. If you are interested in a product or service, you can look up the company in the ad and inquire directly through email or via a phone call. This way, you avoid malvertisements and the various types of malicious code they can introduce to your system.
How Fortinet Can Help
FortiSandbox can be used to trap malware that has penetrated your system. It confines what an application can do and where it can go, trapping it inside a safe, quarantined area. At that point, the rest of your system and network are safe. Cybersecurity administrators can then study the malware or simply discard it. When studying the actions of malware, admins can learn its behavior and use this information to bolster threat intelligence to defend against that and similar attacks in the future.
Also, the Fortinet Secure Web Gateway (SWG) can protect your business from malicious traffic. It can identify a threat before it enters the network and then discard relevant data. This is accomplished using secure sockets layer (SSL) inspection, which is able to detect malware even if it is hidden within encrypted data.