Malvertising

An example of a malicious advertisement, claiming that the computer is infected

Malvertising (a portmanteau of "malicious software (malware) advertising") is the use of online advertising to spread malware.^[1] It typically involves injecting malicious or malware-laden advertisements into legitimate online advertising networks and webpages.^[2] Because advertising content can be inserted into high-profile and reputable websites, malvertising provides malefactors an opportunity to push their attacks to web users who might not otherwise see the ads, due to firewalls, more safety precautions, or the like.^[3]^[4] Malvertising is "attractive to attackers because they 'can be easily spread across a large number of legitimate websites without directly compromising those websites'."^[5]

Malvertising can be extremely hard to combat because it can quietly work its way into a webpage or advertisement on a webpage and spread unknowingly: "The interesting thing about infections delivered through malvertising is that it does not require any user action (like clicking) to compromise the system and it does not exploit any vulnerabilities on the website or the server it is hosted from... infections delivered through malvertising silently travel through Web page advertisements."^[6] It is able to expose millions of users to malware, even the most cautious, and is growing rapidly: "In 2012, it was estimated nearly 10 billion ad impressions were compromised by malvertising."^[2] Attackers have a very wide reach and are able to deliver these attacks easily through advertisement networks. Companies and websites have had difficulty diminishing the number of malvertising attacks, which "suggests that this attack vector isn’t likely to disappear soon."^[5]

^ Salusky, William (December 6, 2007). "Malvertising". SANS ISC. Retrieved September 11, 2019.
^ ^a ^b "Anti-Malvertising". Online Trust Alliance. Archived from the original on December 15, 2013. Retrieved September 11, 2019.
^ Johnson, Bobbie (September 25, 2009). "Internet companies face up to 'malvertising' threat". The Guardian. Retrieved September 11, 2019.
^ "The rise of malvertising and its threat to brands". Deloitte. 2009. Archived from the original on July 22, 2011. Retrieved September 11, 2019.
^ ^a ^b Cite error: The named reference zeltser was invoked but never defined (see the help page).
^ "Five-month malvertising campaign serves up silent infections". Infosecurity. Reed Exhibitions Ltd. February 12, 2013. Retrieved September 11, 2019.

[William_Salusky-1] Salusky, William (December 6, 2007). "Malvertising". SANS ISC. Retrieved September 11, 2019.

[OTA-2] "Anti-Malvertising". Online Trust Alliance. Archived from the original on December 15, 2013. Retrieved September 11, 2019.

[3] Johnson, Bobbie (September 25, 2009). "Internet companies face up to 'malvertising' threat". The Guardian. Retrieved September 11, 2019.

[4] "The rise of malvertising and its threat to brands". Deloitte. 2009. Archived from the original on July 22, 2011. Retrieved September 11, 2019.

[zeltser-5] Cite error: The named reference zeltser was invoked but never defined (see the help page).

[6] "Five-month malvertising campaign serves up silent infections". Infosecurity. Reed Exhibitions Ltd. February 12, 2013. Retrieved September 11, 2019.

[1]

[2]

[3]

[4]

[5]

[6]