It is the responsibility of users, site developers and the ad networks themselves to mitigate the problem of malvertising.
According to Hélène Barrot, a representative from Google, DoubleClick, the company’s ad platform (which has inadvertently been a part of malvertising campaigns), has taken a number of different approaches. It collaborates with industry partners, publishes research into malvertising, and uses malware detection tools. “In 2014, we disabled more than 524 million bad ads and we banned more than 214,000 bad advertisers,” Barrot said.
Ad scanning has its limits though, as there are just too many things to watch out for. What might help is altering the cost of malvertising. At the moment, malvertising is incredibly cheap for cyber-criminals to carry out. For some ad networks, hackers are able to present malicious ads to a thousand people for only 30 cents (US Dollars). If entry fees were increased, and a large minimum fee was imposed on people signing up for ad networking, it would create a bigger financial risk for criminals to take and this, in turn, may reduce the appeal of malvertising.
You can be quite responsible with your PC, but still be affected by “Drive-by Downloads”.
There are several precautions you can take to minimise the chances of getting tricked by malvertising:
- Learn about malvertising, so that you can recognise it.
- Download an internet browser which can detect websites that have malware advertisements on them. Browsers such as Internet Explorer 9 or Google Chrome, include extra security features that make attacks more difficult.
- Use anti-virus software that protects against threats and removes malicious software from your systems and always keep it up-to-date. There is no excuse, for not having Anti-Virus software either. Free software, like AVG, is readily available.
- Keep ALL software installed on your computer up-to-date, particularly the Operating System (e.g. Windows Updates), but also Email and Web Browsing software.
Note: Windows 10 provides automatic updates.
- You can also use ad blocking software to avoid downloading the malware contained in advertisements or install a specific browser extension alerting you about malvertising campaigns.
Common programs, such as Adobe Flash Player and Adobe Reader can have their flaws exploited, and become vulnerable to attacks, so it is important to keep them up to date.
Tech Tip: Chrome keeps Flash Player updated automatically, whereas, Firefox doesn’t.
You can check that Flash Player is correctly installed, by going to the following website:
Java is a plug-in that is exploited all the time. Our FraudWatch International experts’ advice is to delete it if you are sure you don’t need it.
You can disable Java in the Chrome web browser using the following steps:
- Click the Chrome Settings button and select Settings from the menu
- Click on the Show advanced settings link at the bottom
- Under the Privacy section, click the Content Settings button
Most of the latest browsers come with pop-up blocking features; third-party tools tend to include other features such as ad filtering.
Opera was the first major browser to incorporate tools to block pop-up ads; the Mozilla browser later improved on this by blocking only pop-ups generated as the page loads. In the early 2000’s (decade), all major web browsers except Internet Explorer allowed the user to block unwanted pop-ups almost completely. In 2004, Microsoft released Windows XP SP2, which added pop-up blocking to Internet Explorer.
Tech Tip: Most pop-up blockers will allow help pop-ups on forms. However, some will reload the page, causing the loss of any information that had been previously entered.
Cyber-criminals might be trying to catch you out, but you can work to avoid malicious banner ads. Following these steps will assist you in browsing the web safely:
- Be wary of strange search results. While you browse, be on the lookout for copycat websites that show up in search results. If a site looks a little strange, exit immediately and launch your antivirus software ASAP.
- Be smart when you click. The value of a banner ad is measured in its ability to get users to click on it. So a lot of banner ads pull out all the stops, and some go a little too far. Ads that say “Click here to win a free …” are preying on people’s vulnerability. If you’re interested in an advertiser, type their web address into your browser or go to Google and find their website. For example, if you want to read your horoscope, go to Google and type in ‘horoscope’ and find a legitimate site rather than clicking on a pop-up ad.
- Keep your defenses up. You’ve heard it countless times, but if you’re not actively doing it, you should start. Ensure your computer is running regular software updates, once a week at a minimum. Turn your firewall on and make sure antivirus software is installed and your subscription is current.
The hackers are becoming more and more resourceful, say the experts. But malicious activities thrive because there are so many gullible Internet users. The answer is to monitor your own behaviour and therefore decrease your risk of attack.