Malvertising: What It Is & How to Stay Safe

September 1, 2015
The Growing Threat of Malvertising and Browser Exploits

Cybercriminals are increasingly focused on exploiting vulnerabilities within web browsers and their associated plug-ins. A particularly concerning tactic gaining traction is malvertising, which involves embedding malicious code within advertisements distributed through legitimate third-party ad networks.

The fundamental issue isn't the presence of advertisements themselves, but rather the existence of susceptible software on a user's computer. A simple click on a link leading to a compromised website can be enough to initiate an attack.

Understanding the Core Problem

Even a complete removal of all online advertising wouldn't resolve the underlying vulnerability. The core issue stems from outdated or insecure software components.

While ad-blocking tools can mitigate some risk, they do not address the root cause of the problem. Relying solely on adblockers provides a potentially misleading sense of security.

Real-World Examples of Website Compromises

Numerous websites are subjected to hacking attempts daily. A notable example involves the website of renowned chef Jamie Oliver, which experienced not one, but three separate breaches.

These attacks utilized malware exploit kits, potentially exposing millions of visitors to malicious code.

The Risk of Single-Click Infections

If a system is vulnerable, a single click is all it takes for an infection to occur. A significant number of users remain susceptible to these types of attacks.

Therefore, maintaining up-to-date software is crucial for protecting against malvertising and other browser-based threats.

The Growing Threat to Web Browsers and Plug-ins

Systems are primarily targeted by malicious actors through two distinct methods. One involves deceiving users into executing harmful downloads. The other centers on exploiting vulnerabilities within web browsers and associated components.

Software like the Adobe Flash plug-in, Oracle Java plug-in, and Adobe PDF reader are frequent targets for these attacks. Security flaws within these programs are leveraged to initiate the download and execution of malicious software onto a user’s computer.

Vulnerability Exploitation

A system is considered vulnerable if a previously unknown security flaw – a “zero-day” vulnerability – exists, or if crucial security updates haven’t been applied. Simply browsing a compromised webpage can then allow an attacker to gain control and infect the system.

These attacks often manifest as malicious Flash objects or Java applets embedded within the webpage. Merely visiting an untrustworthy website can therefore lead to infection, even though a browser should be able to load even the most questionable site without the system being compromised.

This highlights the importance of keeping software up to date.

Understanding Malvertising

Unlike direct phishing attempts, malvertising doesn't rely on deceiving users into navigating to harmful sites. Instead, it leverages advertising platforms to disseminate malicious code.

Cybercriminals introduce malicious Flash elements and other harmful code into ad networks, then pay the network to distribute them as legitimate advertisements.

For example, a user visiting a reputable news site could unknowingly download a compromised ad served through the network. This malicious advertisement then attempts to exploit vulnerabilities within their web browser.

A recent incident involving Yahoo!'s advertising network demonstrated this process, utilizing malicious Flash advertisements to target users. This exemplifies the fundamental principle of malvertising.

Essentially, malvertising exploits weaknesses in existing software to cause infection on seemingly trustworthy websites. This circumvents the need to lure users to malicious URLs. However, the underlying issue remains the presence of security flaws.

Without the use of malvertising techniques, infection could still occur simply by clicking a link originating from a different source. Therefore, addressing software vulnerabilities is paramount.

Protecting Yourself From Malvertising

It is crucial to implement the following security measures to fortify your web browser and defend against prevalent online attacks. They would remain necessary even if advertisements were no longer loaded.

Activate Click-to-Play for Plug-ins: Ensure click-to-play functionality is enabled within your web browser settings. This prevents Flash or Java objects on webpages from automatically executing until explicitly clicked by the user. Given that malvertising frequently exploits these plug-ins, this setting provides a significant layer of protection.

Employ Malwarebytes Anti-Exploit: Malwarebytes Anti-Exploit is consistently recommended due to its effectiveness. It serves as a more accessible and comprehensive alternative to Microsoft’s EMET security software, which is primarily designed for enterprise environments. While EMET can be used at home, Malwarebytes Anti-Exploit is the preferred anti-exploit solution.

This program operates independently of traditional antivirus software. Instead, it actively monitors your web browser, identifying and blocking techniques commonly used in browser exploits. Upon detecting such a technique, it will automatically intervene to halt the attack. Malwarebytes Anti-Exploit is available at no cost, functions alongside existing antivirus programs, and safeguards against a wide range of browser and plug-in exploits, including those leveraging zero-day vulnerabilities. It represents essential security for all Windows users.

Disable or Remove Infrequently Used Plug-ins, Including Java: Uninstall any browser plug-in that you do not regularly use. This action minimizes your "attack surface," reducing the number of potentially vulnerable software components available to attackers. Modern web browsing requires fewer plug-ins than in the past. The Java browser plug-in, a persistent source of vulnerabilities and rarely needed by websites, is a prime candidate for removal. Similarly, Microsoft’s Silverlight may be uninstalled if it is no longer required, as Netflix no longer utilizes it.

Alternatively, you could disable all browser plug-ins and utilize a separate browser specifically configured with the necessary plug-ins for websites that require them, though this approach demands more configuration effort. The eventual elimination of Adobe Flash and Java from the web would significantly complicate malvertising efforts.

Maintain Plug-in Updates: Ensure that all installed plug-ins are consistently updated with the latest security patches. Google Chrome and Microsoft Edge automatically update Adobe Flash. Internet Explorer on Windows 8, 8.1, and 10 also provides automatic Flash updates. If you are using Internet Explorer on Windows 7, Mozilla Firefox, Opera, or Safari, configure Adobe Flash to update automatically. Flash settings can be found within your control panel or System Preferences on a Mac.

Keep Your Web Browser Current: Regularly update your web browser. Most browsers now update automatically – simply avoid disabling automatic updates. If you use Internet Explorer, ensure Windows Update is enabled and installing updates consistently.

While most malvertising attacks target plug-ins, some have exploited vulnerabilities within web browsers themselves.

Consider Avoiding Firefox Until Electrolysis is Complete: This is a potentially contentious recommendation. Despite its continued popularity, Firefox currently lags behind other browsers in a critical area. Browsers like Google Chrome, Internet Explorer, and Microsoft Edge employ sandboxing technology to prevent browser exploits from compromising your system.

Firefox lacks a comparable sandbox, although other browsers have implemented this feature for several years. A recent malvertising attack specifically targeted Firefox, exploiting a zero-day vulnerability. Sandboxing could have mitigated the impact of this attack. However, using Malwarebytes Anti-Exploit would have provided protection even while using Firefox.

Sandboxing is slated for inclusion in Firefox through the Electrolysis project, which will also introduce multi-process architecture. The multi-process feature is scheduled for release in the stable version of Firefox "by the end of 2015" and is already available in unstable versions. Until then, Mozilla Firefox may be considered the least secure of the modern web browsers. Even Internet Explorer has incorporated some sandboxing features since Internet Explorer 7 on Windows Vista.
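
The click-to-play and unused plug-in recommendations above can be checked mechanically in a Firefox profile. The following is an added example, not part of the original article: it parses the text of a profile's prefs.js and flags plug-ins that still run without a click. It relies on Firefox's per-plug-in plugin.state.<name> preferences (0 = never activate, 1 = ask to activate, 2 = always activate); the sample preferences and function names are constructed for illustration.

```python
import re

# Firefox keeps one activation state per plug-in in prefs.js:
# 0 = never activate, 1 = ask to activate (click-to-play), 2 = always activate.
STATE_NAMES = {0: "never activate", 1: "ask to activate", 2: "always activate"}
PREF_RE = re.compile(r'^\s*user_pref\("plugin\.state\.([^"]+)",\s*(-?\d+)\s*\);')
DEFAULT_RE = re.compile(r'^\s*user_pref\("plugin\.default\.state",\s*(-?\d+)\s*\);')

# Constructed sample in the format of a profile's prefs.js (not real data).
SAMPLE_PREFS = '''\
// Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("plugin.state.flash", 2);
user_pref("plugin.state.java", 1);
user_pref("plugin.state.npctrl", 0);
user_pref("plugin.state.nppdf", 7);
'''

def audit_plugin_prefs(text):
    """Return (findings, default_state); findings is a sorted list of
    (plugin, state, verdict) with verdict 'ok', 'auto-run' or 'unknown'."""
    findings, default_state = [], None
    for line in text.splitlines():
        m = DEFAULT_RE.match(line)
        if m:
            default_state = int(m.group(1))  # state applied to unlisted plug-ins
            continue
        m = PREF_RE.match(line)
        if not m:
            continue                         # unrelated preference or comment
        name, state = m.group(1), int(m.group(2))
        if state not in STATE_NAMES:
            verdict = "unknown"              # unexpected value: review by hand
        elif state == 2:
            verdict = "auto-run"             # content runs without a click
        else:
            verdict = "ok"                   # disabled or click-to-play
        findings.append((name, state, verdict))
    return sorted(findings), default_state

def needs_attention(text):
    """Names of plug-ins that are neither disabled nor click-to-play."""
    findings, _ = audit_plugin_prefs(text)
    return [name for name, _, verdict in findings if verdict != "ok"]

if __name__ == "__main__":
    for name, state, verdict in audit_plugin_prefs(SAMPLE_PREFS)[0]:
        print(f"{name:8} state={state} ({STATE_NAMES.get(state, '?')}) -> {verdict}")
```

A plug-in reported as "auto-run" is a candidate for click-to-play or removal; a missing default state means the profile has not overridden the browser's built-in default.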

Currently, the majority of malvertising attacks are directed at Windows computers. However, users of other operating systems should not assume immunity. The recent malvertising attack against Firefox affected Windows, Linux, and Mac systems.

As demonstrated by the spread of crapware to Apple’s operating systems, Macs are not invulnerable. Attacks targeting specific web browsers or plug-ins like Flash or Java typically function similarly across Windows, Mac, and Linux platforms.