What’s in an Ad: 5 Ways to Protect Your Computer from Malvertisements


If you think that online ads are just an annoyance, think again. One of the ways criminals get malware onto your computer is through malicious online advertisements (malvertisements). Cybercriminals can serve them up by hacking into a trusted website and injecting their malware into third-party banners and online ads, or by first posing as a legitimate advertiser and then inserting malware into the code behind their ads after they have gained some traction. Both methods allow attackers to infect as many computers as possible in a short amount of time.

What makes malvertising attacks so powerful is that they can infect thousands of sites at once by infiltrating popular syndicated online ad services. Websites that run third-party ads can’t do much to protect their visitors from these malvertisements because syndicated ads are not under their direct control. After the damage is done, attackers can easily remove or discontinue their ad from an ad network’s infrastructure without a trace.

With some malvertisements, you do not even have to physically click on the malicious ad itself. Just having the malvertisement pop up on your screen is enough to unleash the malware onto your computer.

So, what can you do? Here are some tips that can help you protect your system.

• Make sure your operating system, browser, and browser plug-ins are up to date. This is one way to defend your system against attackers who look for opportunities to exploit vulnerabilities, such as outdated software on your computer. Exploiting them is a key tactic for today’s cybercriminals.

• Install an antivirus and two-way firewall and make sure your security software is up-to-date to keep your system protected from the latest malware attacks.

• Don’t click on any pop-ups that state you’ve won a prize. And beware of scareware pop-ups that claim your computer has been infected with a virus. These rogue security solutions are popular among cybercriminals who can use these applications to infect your system.

• Use your pop-up blocker or install an ad block add-on through your browser of choice (such as Firefox, Internet Explorer or Google Chrome). A pop-up ad can deliver a malicious payload as soon as the ad appears on the viewer’s screen. And in some cases, the malware will execute when the viewer clicks the “X” to close the pop-up window.

• Be especially careful of your browsing activity on the weekend. Cybercriminals tend to launch malvertising campaigns during off-peak times when IT resources are low and attacks are likely to go unnoticed.

Keep in mind that as companies continue to target people with online ads, malvertising will only become more prevalent. These are just a few ways to make sure any applications running on your system are legitimate and that you are never caught off-guard or tempted to click on what could quite possibly be not just an annoying ad but a dangerous one.

25 Reader Comments
to “What’s in an Ad: 5 Ways to Protect Your Computer from Malvertisements”
  1. Awesome. Nice tips.

  2. Hans Breure ON

    Thanks. Informative

  3. I started getting ads in Craigslist that covered up the text of the ad. I wrote to CL but did not get any help. A friend suggested ZoneAlarm. I no longer have the problem. I did have a problem installing ZA and after 5 attempts and 2 chat sessions with their tech support, I learned ZA is not supported in Google Chrome.

    • zonealarm ON

      Actually, ZoneAlarm is supported on Chrome, though our toolbar isn’t, since Chrome does not support toolbars whatsoever.

      • Actually, ZoneAlarm Browser Security only operates fully in Internet Explorer. Although the “ZoneAlarm Security Engine” is injected into Firefox, it is “Disabled”, and classified as “Incompatible”. However, although no ZoneAlarm item is listed in Google Chrome’s list of extensions, the “ZoneAlarm Browser Security” module, ISWSHEX.dll, was loaded into every process I looked at, including Google Chrome, Notepad, and others.

        While the ZoneAlarm Browser Security loaded in Internet Explorer inspected a test download while it was under Internet Explorer’s control, that module failed to provide the response which ZoneAlarm provides immediately the file lands in Microsoft’s choice of default downloads folder.

        With Google Chrome, ZoneAlarm’s protection only kicks in when the file lands in Microsoft’s “Downloads” folder. However, Google’s “Safe Browsing technology” was able to respond as required for this test, before passing the test file to ZoneAlarm.

        The test file:

        http://www.eicar.org/download/eicar.com

        Intended use ° EICAR – European Expert Group for IT-Security
        http://www.eicar.org/86-0-Intended-use.html

    • Jason ON

      Google is spreading themselves too thin IMO. I have used Google Chrome for a long time and just recently, it has been crashing a lot. I’m losing faith in Google and do not like how large they have become. They have an elitist attitude and are too secretive about what goes on behind their closed and closely guarded doors.

  4. Geoff Slee ON

    I have iLivid on my Facebook pages which carries pop up ads, warnings that my computer is running slow and encouragement to Download or Play – what I do not know. There’s no easy way of getting rid of it so I’ll probably give the PC Doc a call!

    • Jason ON

      Try a free program called “malwarebytes free”. I know zonealarm will not like me showing third party software but that one gets rid of a common virus that I see often when fixing people’s computers.

  5. It’s also a good idea to check in your browser where the hyperlink you’re about to click on is taking you – if you see that the link goes to an unrelated site, think twice before clicking on it.
    Thanks for the other tips too.

    • John Goodin ON

      I would also suggest using a community based add on for most browsers that helps you stay away from suspect sites in the first place. I suggest looking into WOT (Web of Trust) http://www.mywot.com/

      Also most of my startup pages are set to https://encrypted.google.com/ or some other search engine that supports SSL encryption.

      I can then visit portal pages.

  6. Thank you. Several years ago I had a traumatic Identity Theft. Am still today trying to recover. I trust Zone Alarm & refer Zone Alarm.
    Thank you for your continued service.

  7. ritrow ON

    Instead of clicking the “X” to close the pop-up window, can’t you hit F4 or something like that?

  8. ritrow ON

    Yes, ritrow. You are semi-brilliant.

    http://support.mozilla.org/en-US/kb/keyboard-shortcuts-perform-firefox-tasks-quickly

    > Close Window
    > Ctrl + Shift + W
    > Alt + F4

  9. ritrow ON

    But does Alt + F4 avoid executing the malware?

    • Jason ON

      Sometimes. It’s a tricky game avoiding viruses. When I see something fishy, I usually hold ctrl+Shift, then press escape. This brings up the task manager which allows you to stop applications and/or processes. When I am surfing and I see something strange in the user interface, or something happens that worries me, I close the browser through the task manager, under the list of open programs or apps as Windows 8 likes to call an open program.

      I have my browsers set to start up the tabs that were open last time I closed the browser. When you stop the browser in the task manager, the operating system forces the browser to close unlike it usually does and notifies you of this next time you start up the browser. Usually if I force close my browser through the task manager like this, the browser will ask if I want to restore my session. If I allowed the browser to restore to its previous state, it would load that strange page that worried me in the first place. I start a fresh browser, continue my work, and try not to click that link that brought on the scare in the first place.

  10. luis padilla ON

    I mostly knew all of this; thanks anyway. One of the reasons I still use Internet Explorer from time to time is that when you go to Tools/Internet Options/Privacy and block popups, they STAY blocked. For Chrome, I searched and found the add-on extension Better Pop Up Blocker, which so far is EXCELLENT. One thing: I have looked for an ad/popup block for Firefox and found none; the best I located is an extension to block objectionable content, which is woefully inadequate. Anyone have any suggestions?

    • Firefox: > Options, Content, Block popup windows.
      I also use Adblock Plus and NoScript extensions – the first stops ads and the 2nd stops scripts running when you visit a new page.

  11. freddybob ON

    I’m running NoScript in Firefox. If all scripts are ‘off’ they cannot infect me, right? If I turn on scripts for the main site, can the infected ad infect me?

    Like say all scripts are off, and I go to T-mobile. The f***ing menu won’t work, so I allow T-mobile scripts in NoScript. Now can the ad infect me? I have to also allow scripts for badguy.ru to get infected, right?

    Aren’t 99% of infections through javascript?

    • Not javascript. Java. So I’ve read anyway

    • “If all scripts are ‘off’ they cannot infect me, right? If I turn on scripts for the main site, can the infected ad infect me?”

      “Aren’t 99% of infections through javascript?”

      I am not familiar with the percentages, but JavaScript is a very popular tool for dumping malware on a poorly defended computer.

      NoScript is not simply a JavaScript blocker; it goes a good bit further than clamping down on JavaScript exploits as it addresses other vulnerabilities besides, including Flash and Java. Giorgio Maone, the NoScript developer, is a qualified professional who used his skills to protect his computer, and router!, from online threats, then put his creation on Mozilla’s add-on website.

      However, as EP shows with his/her contribution below [EP ON MARCH - 10:27 AM], there is the problem of “cross site scripting” as well.

      It would be helpful if ZoneAlarm would add a comment to say how many exploits require JavaScript in order to be pulled over from the remote server. However, it would not be a good idea to download HTML code from a malicious server, or any code which a hacker planted on a previously clean server. Even the most vigilant and capable I.T. teams get caught out on occasion, especially if the black hat teams can embarrass the white hats by getting past their defences.

      The Firefox add-on, Request Policy, is not only a good tool for both controlling what is pulled, or not pulled, from websites not listed in the browser address bar, but also for showing what a tangled mess of cross site scripting many web pages are.

      However, before many surfers get to develop their own personal whitelist for their regular websites, they could well lose sight of the advantages which Request Policy offers, and lose patience with the whitelisting process which Request Policy requires.

      Unfortunately, an upgrade which would benefit Request Policy would be to use blacklists downloaded from one of the usual distributors. However, this would not protect your computer from a malicious JPEG file which your media player pulls down as album art for displaying in the media player UI.

      Fortunately, if your ‘puter has enough memory, and a fast enough processor, there is yet another application which will run in the background and go beyond simply blocking malicious websites by using a frequently updated hosts file. These “apps” not only update automatically, they also tell you why the browser was unable to load the page which has been called, and when the browser or another application tried a bad call.

  12. Goes to show that even legitimate websites can pose as threats to those who visit the site! Recall the incident MLB.com had not too long ago when a banner ad on their website started distributing malware! http://www.scmagazineuk.com/major-league-baseball-website-hit-by-malvertising-that-may-potentially-impact-300000-users/article/246503/

    • The instance which EP cites illustrates the problem of cross site scripting, both intended and covertly inserted.

      The Firefox add-on, Request Policy [vide supra], is not only a good tool for both controlling what is pulled, or not pulled, from websites not listed in the browser address bar, but also for showing what a tangled mess of cross site scripting many web pages are.
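
The per-site allowing discussed in the comments above (letting the main site's scripts run while an ad network's stay blocked), as an added example that is not part of the original post or any commenter's code. It is a simplified Python model, not NoScript's or Request Policy's actual logic, that lists which externally loaded scripts and frames a host allowlist would permit. The hosts `shop.example` and `adnetwork.example`, the sample HTML, and the subdomain-matching rule are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose URL attribute pulls in active or embedded content.
ACTIVE = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}

class ActiveContentParser(HTMLParser):
    """Collect (tag, absolute URL) for every externally loaded active element."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.found = []

    def handle_starttag(self, tag, attrs):
        attr = ACTIVE.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if url:
            # Resolve relative and protocol-relative URLs against the page.
            self.found.append((tag, urljoin(self.page_url, url)))

def host_allowed(host, allowlist):
    """Assumed rule: a host matches an entry exactly or as a subdomain of it."""
    return any(host == a or host.endswith("." + a) for a in allowlist)

def audit(page_url, html, allowlist):
    """Split active content into what the allowlist permits and what it blocks."""
    parser = ActiveContentParser(page_url)
    parser.feed(html)
    allowed, blocked = [], []
    for tag, url in parser.found:
        host = urlsplit(url).hostname or ""
        (allowed if host_allowed(host, allowlist) else blocked).append((tag, host))
    return allowed, blocked

# Constructed sample page: first-party menu script plus syndicated ad content.
SAMPLE_URL = "https://shop.example/phones"
SAMPLE_HTML = """
<script src="/js/menu.js"></script>
<script src="https://cdn.shop.example/app.js"></script>
<script src="//ads.adnetwork.example/serve.js"></script>
<iframe src="https://banner.adnetwork.example/slot?id=1"></iframe>
<script>/* inline script: has no URL, runs under the page's own permission */</script>
"""

if __name__ == "__main__":
    ok, no = audit(SAMPLE_URL, SAMPLE_HTML, {"shop.example"})
    print("allowed:", ok)
    print("blocked:", no)
```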
