We’ve all been to websites that host advertisements in the form of popups, banners, and other visible displays. Website owners use advertising as a way to make money, and it can be argued that without online advertisements many websites would either need to charge visitors to view the content on the webpage, or find some other clever way to make money.
The most common way for website owners to introduce advertisements onto their website is by signing up with an affiliate marketing company. These companies act as a middle-man between the website owner and hundreds or even thousands of merchants that are seeking to advertise their product or service. Merchants sign up with the affiliate marketing company and specify the types of goods they are offering, and the Website owners sign up with the affiliate marketing company and add some code to their websites to display the advertisements. The affiliate marketing company does the matchmaking and provides advertisements to the visitors of the website.
One problem with this whole arrangement is that many affiliate marketing companies do not do a good job of vetting the merchants that pay to have their advertisements displayed on websites. This can lead to abuse by hackers and cybercriminals that intend to use malicious advertisements to infect the computers of visitors of the websites that display the ads. Even worse yet, website visitors don’t even need to click of the malicious advertisements to have their computers infected, simply viewing the advertisement in their browser is often enough to cause a virus to infect the computer.
Many advertisements that run on websites across the Internet use technologies such as Flash and Java to make them more dynamic. This computer code allows your browser to display the advertisement as the merchant intended them to be displayed. Unfortunately, Java and Shockwave, as well as other similar technologies often have vulnerabilities that allow a hacker to secretly inject malicious code into your computer while it is rendering the advertisement.
It is this method that hackers and cybercriminals use to compromise your computer when you are simply viewing their malicious advertisement. All they have to do is sign up with an affiliate marketing company and have their advertisement distributed to hundreds or thousands of websites, then they sit back and wait for their victims to start getting infected with the virus.
What You Can Do To Prevent Malvertisements
There are several things you can do to mitigate the threat of falling victim to an attacker that is using malicious advertisements to hack your computer:
Always keep your computer up to date on all patches
Malvertisement preys on users that have outdated or vulnerable applications running on their computer. Although hackers often utilize vulnerabilities that have not yet been patched, it’s a good idea to keep you operating system, browsers, and all third party applications up to date.
Install an advertisement blocker
Ad blocking applications not only hide those pesky and annoying advertisements from your view, they also prevent your computer from running the code that generates the advertisement. This means that even if a website has a malicious advertisement on it, your computer will never see it, and therefore never become infected.
Install Antivirus and keep it updated
Antivirus is often the last line of defense against these types of attacks. If your computer does attempt to render a malicious advertisement and the virus makes its way to the computer, Antivirus will detect and prevent it if it has an antivirus signature available for that particular virus.