What is malvertising and how to stay protected

Image courtesy of miniyo73 at Flickr.com

Malvertising is just another technique to try and infect our devices.

The name of this practice comes from the words “malicious” and “advertising”, and what it does is to hide malware to infect our devices in the form of publicity that comes from other websites. Let’s take a look at how this works.

But in order to really understand what malvertising is all about, we should first know what is adware, its “older brother”.

Adware and malvertising

Let’s start at the beginning. What is adware? Adware is any program that automatically shows publicity to the user during its installation or during its usage, and with it, it generates profits to its creators.

These are usually installed without the user’s knowledge, due to the fact that -even though it’s not advisable- more than once, we choose to click the “Next” button during the setup processes over and over again, without even reading what the installer is telling us. Often, while we are installing a piece of software, we get warnings that say that with this particular installation, other programs and toolbars will be included, programs and toolbars that we don’t really need and that are only going to annoy us, but due to the fact that we don’t really read what we are accepting, we simply don’t realize the consequences of what we’re doing.

These types of programs don’t usually harm the users directly, but they are incredibly invasive and annoying.

One example of adware is when, in our computer screens, we start seeing windows with ads that we have not requested and that make it quite complicated for us to keep using our device in a normal manner.

Since users have learned to be a bit more savvy with time, and they have a greater degree of attention when it comes to these sorts of installations, attackers have had to reinvent themselves to keep being effective, which is where the idea of malvertising came from.

Malvertising, unlike adware, it is in fact a practice that implies malicious programs, it’s not just something annoying. Also, the fundamental difference with adware is that you don’t need the user to go through a setup process in order to end up being affected, it’s only necessary for them to have plugins or addons in their regular web browser or any other out of date kind of software in their devices.

So essentially what the attackers will do is look for security holes in the browser’s plugins and in the software on the device, and, if they finds them, they will install malicious software without the user being aware of it.

In other words, malvertising takes advantage of the information it gets by being a publicity announcer about our programs, and it looks for back doors in them in order to try and gain access to our devices. If it doesn’t find them, nothing would happen.

And can we end up being infected just for that? That’s right, if we don’t take the appropriate precautions.

Image courtesy of Andy Melton at Flickr.com

How to stay protected?

Now that we know what malvertising is and how it works, we should learn how to protect ourselves. In order to do so, we have to follow these bits of advice:

1. Keep our systems always up-to-date

If we keep all of our devices up-to-date, from the updates of the operating system up to the versions of our web browsers, going through the programs or applications that we use, we will always be more protected.

2. Install and enable only the add ons or extensions in web browsers which are necessary for the day-to-day work

In fact, it’s a good idea to disable them when we don’t need them.

3. Carefully review the permissions that add ons or extensions require before we install them

It’s never really a good idea to accept everything that we come across without reading it first. It’s also not a good idea to do this with browser extensions or app permissions.

4. We should keep our security software up to date: Antivirus, antimalware and antispyware.

Keeping our protective software up to date is absolutely essential. Every day, new threats are born, and our antimalware and antispyware and antivirus software, they all create new solutions of security to neutralize them. If any of these programs is outdated, we can only protect ourselves from old threats but not from new ones.

Our security tools should always be downloaded from the official websites and they should always be updated.

5. Always install the latest version of your preferred web browser

Browsers are constantly being updated with new functions and new security measures at the same time as attackers are updating themselves in new evil practices. If you don’t update your browser, you are making it easier for attackers to gain access to your system.

Related content: Read ReputationDefender’s “SEO: History of a digital marketing trend (part I, the beginnings)”