Mal­vertising: how to protect your computer

Over the years, the internet’s potential has continued to develop and has given marketers even more pos­sib­il­it­ies. One of the classic ways of ad­vert­ising is to have banners along the sides of each webpage, which usually contain a link to the provider. But for many years now, internet criminals have taken advantage of this kind of online ad­vert­ising by hijacking innocent ad­vert­ise­ments and infecting them with malicious software for weeks and months at a time. In IT circles, this com­prom­ised ad­vert­ising is called 'mal­vertising' and is proving very chal­len­ging for marketers and web­mas­ters.

Our article explains what mal­vertising is, how it works, and how you can protect your computer.

The term mal­vertising is a port­manteau, made up of the word 'malware' and 'ad­vert­ising'. The purpose of this kind of malicious software is to infect a computer or network via existing ad­vert­ising banners on the network. There are many ways in which internet criminals can do this: infecting websites through mal­vertising is just as possible as infecting an entire ad­vert­ising network and spreading harmful code over it.

When a visitor clicks on one of these banners, malicious scripts, Flash ap­plic­a­tions, and others, programs are auto­mat­ic­ally executed. These then infect the computer with viruses or Trojans. Often, un­sus­pect­ing victims are also re­dir­ec­ted to un­trust­worthy or ma­nip­u­lated websites after clicking on the ad. Sometimes simply accessing a website, which has a ma­nip­u­lated banner on it, is enough to infect your computer. This is known as a 'drive-by download'.

Internet criminals use popular, well-known websites to dis­trib­ute their mal­vertising. This means that any website that offers ad­vert­ising space can be affected. To what extent this is possible is seen in a recent example from the US: security experts revealed in 2016 that even large and well-known platforms such as AOL, BBC, and the New York Times had already been affected by mal­vertising. The Angler exploit kit sys­tem­at­ic­ally exploited the security flaws of Adobe Flash and Microsoft Sil­ver­light in order to spread the en­cryp­tion Trojan, TeslaC­rypt, to un­sus­pect­ing victims. In early 2016, MSN also fell victim to mal­vertising. Con­quer­ing this site alone meant that internet criminals had an enormous reach – it didn’t matter if only a fraction of the visitors had ma­nip­u­lated banners displayed to them and if even fewer clicked on them. Figures show just how serious the threat of mal­vertising has become. According to a survey by RiskIQ, there was a 132% increase in mal­vertising in 2016 compared to the previous year. Out of two billion ad­vert­ise­ments, it’s safe to say that an average of one in every 250 is infected. By infecting well-known websites with large reaches, criminals can kill two birds with one stone: on the one hand, they take advantage of these popular sites where visitors are more inclined to trust the ads, and on the other hand, they can reach more people. In the early days of the World Wide Web, it was usually websites with por­no­graph­ic or criminal content (i.e. pirate sites) that were affected, but now internet criminals also target users with normal surfing behaviour.

There are several ways that mal­vertising leads to your computer becoming infected: it can be triggered by a careless user or can happen without any help. Security gaps and installed plugins are often exploited as well as outdated versions of software. Internet criminals fre­quently exploit security gaps in Flash, which is now being used less and less because of this reason, and is instead being replaced by new HTML5 standards. A scenario that could activate mal­vertising is when the visitor clicks on the ma­nip­u­lated banner ('post click'). The victim won’t have a chance to do anything about it since the malicious code will either be executed im­me­di­ately, the user will be forwarded to a spam website, or a download will begin. Various forms of malware are also hidden in Flash files. The malicious software used in mal­vertising can be any form of malware ima­gin­able: from classic viruses to ransom­ware, and from spyware or key­log­gers, which spy on the data of their victims. However, 'pre click', even before the user has clicked on a banner, can run unwanted scripts. With this method, the malicious code is executed via a drive-by download. Different forms of malware can make life difficult for the user and infect their computer.

In addition to hacking in­di­vidu­al websites and preparing banners, criminals have long found another, more effective method of placing mal­vertising on renowned web platforms: ad­vert­ising networks. These act as mediators between ad­vert­isers and the pub­lish­ers that rent space on their websites. Criminals take advantage of the fact that it’s so easy to get their ads on these sites. Many sites don’t have a way of checking ads and criminals simply have to register and pay the fee to advertise. By means of so-called ‘pro­gram­mat­ic ad­vert­ising’, the ad­vert­ising is even auto­mat­ic­ally placed in real-time via a bidding process, meaning there’s barely any control over what gets shown.

This is how criminals manage to get their mal­vertising displayed to millions over the space of weeks or even months, before being dis­covered. By then it is often too late for many victims. It’s made even more difficult if cyber criminals have given false in­form­a­tion when they re­gistered on the network. Identity theft, which is when victims are spied on and their identity is stolen for criminal purposes, means that criminals stay anonymous and pay the ad­vert­ising fee using stolen credit cards.

Since mal­vertising can also spread viruses and malicious software through le­git­im­ate websites, every internet user is po­ten­tially at risk. However, this doesn’t mean that you’re powerless against the dangers. It is important to have an effective antivirus program installed on your computer as basic pro­tec­tion. Programs with real-time pro­tec­tion ensure than no external access is possible, and prevent the un­au­thor­ised execution of malicious software. Likewise, an activated firewall is essential for pro­tect­ing against un­au­thor­ised network access. We offer a selection of re­com­men­ded antivirus software here. So that the pro­tec­tion is half-way reliable, the antivirus software needs to be kept up-to-date, which means you con­tinu­ally have to install updates. The same applies to the firewall, the operating system, the browser used, as well as the plugins installed. Since viruses and Trojans spread via mal­vertising when security gaps in software are exploited, it is extremely important to always work with a current version, which continues to receive security updates from the man­u­fac­turer. This minimises the risk, since many gaps will have been closed in the latest versions. In addition, some browser plugins can help by providing ad­di­tion­al pro­tec­tion e.g. Firefox has the 'No­Script' extension, which blocks JavaS­cript, Flash, Sil­ver­light, as well as Frames and iFrames op­tion­ally. With these or similar plugins, you can prevent cross-site scripting (XSS) as well as many forms of mal­vertising. XSS refers to the ex­ploit­a­tion of security gaps and the in­tro­duc­tion of malicious code into ori­gin­ally trust­worthy en­vir­on­ments. With the browser extension 'No­Script', you can also execute a whitelist and de­ac­tiv­ate the general block on selected pages (tem­por­ar­ily). Plugins, such as Adobe Flash, which are known for their security gaps, should not be installed if it can be helped. If you do want to use these plugins, you should activate the click-to-play function in the browser. This means that plugins are only executed with your per­mis­sion. Adblocker prevents ad­vert­ising banners, pop-ups, etc. from being displayed and offers ad­di­tion­al pro­tec­tion: if all forms of ad­vert­ising are blocked, then no mal­vertising can be displayed. In many cases, this prevents at least post-click mal­vertising, since malicious code is only executed after the banner has been clicked on. However, Adblocker does have a drawback: since most free websites finance them­selves from ads, many of these plugins are not welcome on these sites – es­pe­cially journ­al­ist­ic ones - and must be de­ac­tiv­ated. If you don’t de­ac­tiv­ate them, you might find the entire content is blurred on the pages that you’re trying to visit. Adblocker does, however, offer the pos­sib­il­ity to place selected pages on a whitelist and to specify ex­cep­tions.

The in­creas­ing spread of mal­vertising has also had a sig­ni­fic­ant impact on online marketing: up until recently, dis­play­ing ad­vert­ising on sites with a large reach and/or target group was a great way to reach people and attract attention, but with mal­vertising in­creas­ing, it means that this method isn’t as reliable as it once was. Thanks to this form of malware, many users are becoming more and more skeptical about online banner ad­vert­ising. They revert to Adblocker to get rid of obtrusive ad­vert­ising, for data pro­tec­tion, and for better per­form­ance and security reasons, and as pro­tec­tion against mal­vertising. All this comes in addition to banner blindness. This refers to the in­creas­ing blindness of internet user, since they tend to auto­mat­ic­ally ignore anything that looks like ad­vert­ising. Marketers therefore need to find a way around this.

To react to these trends, new marketing measures and more in­nov­a­tion forms of ad­vert­ising are required to attract and retain customers. To name just a few options for the diverse online marketing mix: in­ter­est­ing and helpful content, such as stories, can catch a potential customer’s attention. Native ad­vert­ising (ad­vertori­als, sponsored posts) on blogs and other sites with a large reach, is an example of how to win customers back. In­ter­est­ing content can be spread over social media channels, and if it is shared by users, is more likely to be noticed than the usual ad­vert­ising banners. Make sure that you label these posts so you can’t be accused of product placement.

In­flu­en­cer marketing also goes hand in hand with these methods: the aim is to find authentic brand am­bas­sad­ors who represent a brand and the products au­then­tic­ally on social media. SEO (Search Engine Op­tim­isa­tion) and SEA (Search Engine Ad­vert­ising) are dis­cip­lines that can be used to generate attention via search engines.

The fact is: mal­vertising weakens the power of ad­vert­ising banners as marketing tools, makes marketers come up with more creative ideas, and requires them to use new com­mu­nic­a­tion measures. Mal­vertising therefore has a direct influence on the world of online marketing, but it weakens the effect of classic banner ad­vert­ising that’s become so wide-spread.