SlideShare a Scribd company logo

Malvertisement the covert advert

Download as PPTX, PDF
izoologic
izoologic

Malvertising involves using online advertisements to spread malware. Attackers purchase ad space on legitimate websites and inject malicious ads containing viruses, spyware, or other threats. When users visit an infected site, these malvertisements can install malware pre-click or post-click. Major companies have struggled with malvertising attacks. While it's difficult to fully prevent such attacks, users can help protect themselves by keeping software like browsers and plugins updated, using ad blockers and antivirus software, and being cautious of the sites and programs installed.

Technology
1 of 13
Malvertisement: The Covert Advert Malvertising • Sounds like a mouthful, I know. • But it’s a word-blend (postmanteau) between Malware and Advertising. • To put it simply, the use of online advertisement to spread Malware www.izoologic.com
Malvertisement: The Covert Advert www.izoologic.com • Malvertising is what occurs when online advertising is used to spread malwares. • Malvertising is what ensues when attackers purchase ad spaces in famous or legitimate websites and inject them with ads that are loaded with viruses, spywares, malwares and all sorts of cyber waste out there you’ve never even heard of. • Basically, any display advert that delivers a code-based threat to the visitor’s browsing session can be thought of as a malvertisement.
How Does It Work and Who Are Affected? • I know, these attackers are quite “sneaky” and that’s true. That’s how they operate. • And they don’t really care if the sites are big shots like Google, Yahoo, Spotify, Ebay or even Reuters. • The more popular a website is, the more users they can infect. It provides them with a wider platform to push their attacks to unsuspecting web users who might not otherwise see the adverts, due to firewalls, more safety precautions or the like. www.izoologic.com Malvertisement
Malvertisement: The Covert Advert So what goes down, exactly? • Attackers attach themselves on trusted, legitimate websites as bait. • These attackers aim for clean and reputable websites specifically those with lots of frequent visitors (e.g. Youtube, Spotify, NY Times, Yahoo, AOL, NFL, etc.). • Many websites, especially the large and popular ones with several thousands or millions of users per day, rely heavily on third-party vendors and software providers to display their adverts for them. This, in turn, reduces direct oversight and the amount of scrutiny that should that should take place security-wise. This kind of data automation makes online adverts vulnerable to malvertising. www.izoologic.com
www.izoologic.com Malvertisement: The Covert Advert The websites themselves aren’t infected, and the advert publishers have no idea that they are blasting malicious content into potentially thousands and possibly millions of computers until it’s too late. Moreover, it has become quite a challenge for cybersecurity experts to properly identify exactly which adverts carry malicious contents because the adverts on a certain page change constantly. One user may get infected, but the next five, who visits the exact same page won’t be.
I’m OK as long as I don’t click those ads, right? FACT: PCs can be infected pre and post-click. www.izoologic.com It is a very common notion that the actual malware infection happens when visitors to the infected site begin clicking on a malvertisement. But that’s not the case. Instances of these pre-click malwares include being incorporated in main scripts of the webpage or what we call drive-by- downloads. These malwares can be programmed to auto-run, , meaning it can automatically take a user to a different site entirely and that site could be potentially malicious. Malwares can also be programmed to execute in the delivery of an advert – wherein a clean advert that has no infection pre or post click (in its original design) can still be infected whilst being requested. Malvertisement: The Covert Advert
www.izoologic.com Malvertisement: The Covert Advert Malvertising is a relatively fresh and perceptive approach for spreading malware and is even harder to prevent because it can work its way into a legitimate webpage and spread through a system unknowingly. An interesting thing about these infections via malverts is that it doesn’t require any clicking from the user to compromise the system and doesn’t expose any weaknesses on the website or even the server it is hosted from. The complexities of these infections are so diverse and yet its delivery is as simple as injecting through advertisement networks.
www.izoologic.com Malvertisement: The Covert Advert Major companies and websites have had their share of challenges in battling the growing number of malvertising attacks, which hints that it’s not going away anytime soon.
www.izoologic.com OK. How Can We Fend Off These Attacks ? Unfortunately, with this kind of attack vector, it’s quite difficult to defend ourselves against it head-on. But, there are a few things that we can do to possibly protect ourselves, if not, prevent these cyber-attacks from happening. Disable / Turn Off Java : In most cases, you won’t need Flash too. The less plugins you have installed or enabled, the lesser potential entry points you’re leaving for malverts.
www.izoologic.com OK. How Can We Fend Off These Attacks ? Make sure your plugins are updated : If you must install plugins, make sure they are updated for them to be effective. Developers regularly issues updates to fix security gaps so make sure you install them. Make sure your browser is updated with the latest version : This is a no-brainer. Most cyber-attacks are often introduced via browsers due to security holes. It pays off to making sure you have the latest security updates installed.
www.izoologic.com OK. How Can We Fend Off These Attacks ? Consider installing an Ad-blocker, Pop-up blocker or Anti-malware program : This is another option to fight off those nasty pop-ups and other malwares unknowingly creeping its way to your system. Get a decent Antivirus Software : Your first line of defense against viruses, malwares, and other forms of cyber-attacks.
www.izoologic.com It’s important to keep in mind that at the end of the day, no matter what kind of device you use, you just need to be aware and be mindful of the sites you visit, the apps or programs you install, and how it affects your privacy. Always make sure you are updated and well-informed with the latest trends and developments in Cyber Security here at iZOOlogic.com/blogs. Vince Luna iZOOlabs Security Response Malvertisement: The Covert Advert
www.izoologic.com Level 1, 444 Castro Street, Mountain View, California, USA +1 650 396 3352 sales@izoologic.com

Recommended

Christopher Furton - Cybersecurity Threat Brief: Malvertising and Watering Holes
Christopher Furton - Cybersecurity Threat Brief: Malvertising and Watering HolesChristopher Furton - Cybersecurity Threat Brief: Malvertising and Watering Holes
Christopher Furton - Cybersecurity Threat Brief: Malvertising and Watering HolesChris Furton
 
Bug Bounty
Bug BountyBug Bounty
Bug BountyHariprasad KA
 
Bug bounty programs
Bug bounty programsBug bounty programs
Bug bounty programsYassine Aboukir
 
Bug bounty hunting
Bug bounty huntingBug bounty hunting
Bug bounty huntingredteamacademypromo
 
Open Source CMS : How secure are they?
Open Source CMS : How secure are they?Open Source CMS : How secure are they?
Open Source CMS : How secure are they?Yassine Aboukir
 
5 Minute Report 1
5 Minute Report 15 Minute Report 1
5 Minute Report 1calondra
 
Know More About Malvertising!
Know More About Malvertising!Know More About Malvertising!
Know More About Malvertising!Nicole Payne
 
Guide to remove search.searchgeniusinfo.com
Guide to remove search.searchgeniusinfo.comGuide to remove search.searchgeniusinfo.com
Guide to remove search.searchgeniusinfo.comficilitynorwy
 

Recommended

Christopher Furton - Cybersecurity Threat Brief: Malvertising and Watering Holes
Christopher Furton - Cybersecurity Threat Brief: Malvertising and Watering HolesChristopher Furton - Cybersecurity Threat Brief: Malvertising and Watering Holes
Christopher Furton - Cybersecurity Threat Brief: Malvertising and Watering HolesChris Furton
 
Bug Bounty
Bug BountyBug Bounty
Bug BountyHariprasad KA
 
Bug bounty programs
Bug bounty programsBug bounty programs
Bug bounty programsYassine Aboukir
 
Bug bounty hunting
Bug bounty huntingBug bounty hunting
Bug bounty huntingredteamacademypromo
 
Open Source CMS : How secure are they?
Open Source CMS : How secure are they?Open Source CMS : How secure are they?
Open Source CMS : How secure are they?Yassine Aboukir
 
5 Minute Report 1
5 Minute Report 15 Minute Report 1
5 Minute Report 1calondra
 
Know More About Malvertising!
Know More About Malvertising!Know More About Malvertising!
Know More About Malvertising!Nicole Payne
 
Guide to remove search.searchgeniusinfo.com
Guide to remove search.searchgeniusinfo.comGuide to remove search.searchgeniusinfo.com
Guide to remove search.searchgeniusinfo.comficilitynorwy
 
2011 Social Media Malware Trends
2011 Social Media Malware Trends2011 Social Media Malware Trends
2011 Social Media Malware TrendsLumension
 
Computer Viruses
Computer VirusesComputer Viruses
Computer Virusesfarzana9
 
Remove mystart3.dealwifi.com redirect virus
Remove mystart3.dealwifi.com redirect virusRemove mystart3.dealwifi.com redirect virus
Remove mystart3.dealwifi.com redirect viruscoseanonans
 
Spyware and adware
Spyware and adwareSpyware and adware
Spyware and adwareRaja Kiran
 
Computer Viruses
Computer VirusesComputer Viruses
Computer Virusesfarhanah
 
Computer virus
Computer virus Computer virus
Computer virus AshishVasan
 
Meet the hackers powering the world's best bug bounty programs
Meet the hackers powering the world's best bug bounty programsMeet the hackers powering the world's best bug bounty programs
Meet the hackers powering the world's best bug bounty programsHackerOne
 
Mobile virus & worms
Mobile virus & wormsMobile virus & worms
Mobile virus & wormsSourav Verma
 
Protect your Oneplus from Viruses Around the Web
Protect your Oneplus from Viruses Around the WebProtect your Oneplus from Viruses Around the Web
Protect your Oneplus from Viruses Around the WebWireless Solutions NY
 
The Malware Menace
The Malware MenaceThe Malware Menace
The Malware MenaceTami Brass
 
How to remove search.klivs.com search engine
How to remove search.klivs.com search engineHow to remove search.klivs.com search engine
How to remove search.klivs.com search engineMU
 
HackStore
HackStoreHackStore
HackStoreAnton Ingachev
 
Yet another talk on bug bounty
Yet another talk on bug bountyYet another talk on bug bounty
Yet another talk on bug bountyvinoth kumar
 
Virus Barrier X5
Virus Barrier X5Virus Barrier X5
Virus Barrier X5jgrant11
 
Mischievous Malware
Mischievous MalwareMischievous Malware
Mischievous MalwareThe TNS Group
 
Spyware
SpywareSpyware
SpywareIshita Bansal
 
Introduction to malvertising
Introduction to malvertising Introduction to malvertising
Introduction to malvertising Mohd Arif
 
Today's malware aint what you think
Today's malware aint what you thinkToday's malware aint what you think
Today's malware aint what you thinkNathan Winters
 
PC Maker's Support Page Succumbs To Compromise
PC Maker's Support Page Succumbs To CompromisePC Maker's Support Page Succumbs To Compromise
PC Maker's Support Page Succumbs To CompromiseTrend Micro
 
Sophos Threatsaurus: The A-Z of Computer and Data Security Threats
Sophos Threatsaurus: The A-Z of Computer and Data Security ThreatsSophos Threatsaurus: The A-Z of Computer and Data Security Threats
Sophos Threatsaurus: The A-Z of Computer and Data Security ThreatsConnecting Up
 
Adware and Browser Hijacker - Symptoms and Prevention
Adware and Browser Hijacker - Symptoms and PreventionAdware and Browser Hijacker - Symptoms and Prevention
Adware and Browser Hijacker - Symptoms and PreventionCarol Witson
 
The Computer Virus-Interactive
The Computer Virus-InteractiveThe Computer Virus-Interactive
The Computer Virus-InteractiveGronHatchat
 

More Related Content

What's hot

2011 Social Media Malware Trends
2011 Social Media Malware Trends2011 Social Media Malware Trends
2011 Social Media Malware TrendsLumension
 
Computer Viruses
Computer VirusesComputer Viruses
Computer Virusesfarzana9
 
Remove mystart3.dealwifi.com redirect virus
Remove mystart3.dealwifi.com redirect virusRemove mystart3.dealwifi.com redirect virus
Remove mystart3.dealwifi.com redirect viruscoseanonans
 
Spyware and adware
Spyware and adwareSpyware and adware
Spyware and adwareRaja Kiran
 
Computer Viruses
Computer VirusesComputer Viruses
Computer Virusesfarhanah
 
Meet the hackers powering the world's best bug bounty programs
Meet the hackers powering the world's best bug bounty programsMeet the hackers powering the world's best bug bounty programs
Meet the hackers powering the world's best bug bounty programsHackerOne
 
Mobile virus & worms
Mobile virus & wormsMobile virus & worms
Mobile virus & wormsSourav Verma
 
Protect your Oneplus from Viruses Around the Web
Protect your Oneplus from Viruses Around the WebProtect your Oneplus from Viruses Around the Web
Protect your Oneplus from Viruses Around the WebWireless Solutions NY
 
The Malware Menace
The Malware MenaceThe Malware Menace
The Malware MenaceTami Brass
 
How to remove search.klivs.com search engine
How to remove search.klivs.com search engineHow to remove search.klivs.com search engine
How to remove search.klivs.com search engineMU
 
Yet another talk on bug bounty
Yet another talk on bug bountyYet another talk on bug bounty
Yet another talk on bug bountyvinoth kumar
 
Virus Barrier X5
Virus Barrier X5Virus Barrier X5
Virus Barrier X5jgrant11
 

What's hot (14)

2011 Social Media Malware Trends
2011 Social Media Malware Trends2011 Social Media Malware Trends
2011 Social Media Malware Trends
 
Computer Viruses
Computer VirusesComputer Viruses
Computer Viruses
 
Remove mystart3.dealwifi.com redirect virus
Remove mystart3.dealwifi.com redirect virusRemove mystart3.dealwifi.com redirect virus
Remove mystart3.dealwifi.com redirect virus
 
Spyware and adware
Spyware and adwareSpyware and adware
Spyware and adware
 
Computer Viruses
Computer VirusesComputer Viruses
Computer Viruses
 
Computer virus
Computer virus Computer virus
Computer virus
 
Meet the hackers powering the world's best bug bounty programs
Meet the hackers powering the world's best bug bounty programsMeet the hackers powering the world's best bug bounty programs
Meet the hackers powering the world's best bug bounty programs
 
Mobile virus & worms
Mobile virus & wormsMobile virus & worms
Mobile virus & worms
 
Protect your Oneplus from Viruses Around the Web
Protect your Oneplus from Viruses Around the WebProtect your Oneplus from Viruses Around the Web
Protect your Oneplus from Viruses Around the Web
 
The Malware Menace
The Malware MenaceThe Malware Menace
The Malware Menace
 
How to remove search.klivs.com search engine
How to remove search.klivs.com search engineHow to remove search.klivs.com search engine
How to remove search.klivs.com search engine
 
HackStore
HackStoreHackStore
HackStore
 
Yet another talk on bug bounty
Yet another talk on bug bountyYet another talk on bug bounty
Yet another talk on bug bounty
 
Virus Barrier X5
Virus Barrier X5Virus Barrier X5
Virus Barrier X5
 

Similar to Malvertisement the covert advert

Introduction to malvertising
Introduction to malvertising Introduction to malvertising
Introduction to malvertising Mohd Arif
 
Today's malware aint what you think
Today's malware aint what you thinkToday's malware aint what you think
Today's malware aint what you thinkNathan Winters
 
PC Maker's Support Page Succumbs To Compromise
PC Maker's Support Page Succumbs To CompromisePC Maker's Support Page Succumbs To Compromise
PC Maker's Support Page Succumbs To CompromiseTrend Micro
 
Sophos Threatsaurus: The A-Z of Computer and Data Security Threats
Sophos Threatsaurus: The A-Z of Computer and Data Security ThreatsSophos Threatsaurus: The A-Z of Computer and Data Security Threats
Sophos Threatsaurus: The A-Z of Computer and Data Security ThreatsConnecting Up
 
Adware and Browser Hijacker - Symptoms and Prevention
Adware and Browser Hijacker - Symptoms and PreventionAdware and Browser Hijacker - Symptoms and Prevention
Adware and Browser Hijacker - Symptoms and PreventionCarol Witson
 
The Computer Virus-Interactive
The Computer Virus-InteractiveThe Computer Virus-Interactive
The Computer Virus-InteractiveGronHatchat
 
The Nasty of Computers
The Nasty of ComputersThe Nasty of Computers
The Nasty of ComputersGronHatchat
 
S P Y W A R E4 S I K
S P Y W A R E4 S I KS P Y W A R E4 S I K
S P Y W A R E4 S I Kazman21
 
CYREN_Q1_2015_Trend_Report
CYREN_Q1_2015_Trend_ReportCYREN_Q1_2015_Trend_Report
CYREN_Q1_2015_Trend_ReportChris Taylor
 
Virus and Anti virus
Virus and Anti virusVirus and Anti virus
Virus and Anti virusFaisal Hassan
 
Web design premium
Web design premiumWeb design premium
Web design premiumjeannined_1
 
cybercrime survival guide
cybercrime survival guidecybercrime survival guide
cybercrime survival guideGary Gray, MCSE
 
Unmasking Scam Websites: Ways to Safe Surfing
Unmasking Scam Websites: Ways to Safe SurfingUnmasking Scam Websites: Ways to Safe Surfing
Unmasking Scam Websites: Ways to Safe SurfingSoftwareDeals
 
Defend Your Company Against Ransomware
Defend Your Company Against RansomwareDefend Your Company Against Ransomware
Defend Your Company Against RansomwareKevo Meehan
 
Ransomware attacks reveton
Ransomware attacks revetonRansomware attacks reveton
Ransomware attacks revetonMumbere Joab
 

Similar to Malvertisement the covert advert (20)

Mischievous Malware
Mischievous MalwareMischievous Malware
Mischievous Malware
 
Spyware
SpywareSpyware
Spyware
 
Introduction to malvertising
Introduction to malvertising Introduction to malvertising
Introduction to malvertising
 
Today's malware aint what you think
Today's malware aint what you thinkToday's malware aint what you think
Today's malware aint what you think
 
PC Maker's Support Page Succumbs To Compromise
PC Maker's Support Page Succumbs To CompromisePC Maker's Support Page Succumbs To Compromise
PC Maker's Support Page Succumbs To Compromise
 
Sophos Threatsaurus: The A-Z of Computer and Data Security Threats
Sophos Threatsaurus: The A-Z of Computer and Data Security ThreatsSophos Threatsaurus: The A-Z of Computer and Data Security Threats
Sophos Threatsaurus: The A-Z of Computer and Data Security Threats
 
Adware and Browser Hijacker - Symptoms and Prevention
Adware and Browser Hijacker - Symptoms and PreventionAdware and Browser Hijacker - Symptoms and Prevention
Adware and Browser Hijacker - Symptoms and Prevention
 
The Computer Virus-Interactive
The Computer Virus-InteractiveThe Computer Virus-Interactive
The Computer Virus-Interactive
 
The Nasty of Computers
The Nasty of ComputersThe Nasty of Computers
The Nasty of Computers
 
S P Y W A R E4 S I K
S P Y W A R E4 S I KS P Y W A R E4 S I K
S P Y W A R E4 S I K
 
CYREN_Q1_2015_Trend_Report
CYREN_Q1_2015_Trend_ReportCYREN_Q1_2015_Trend_Report
CYREN_Q1_2015_Trend_Report
 
Virus and Anti virus
Virus and Anti virusVirus and Anti virus
Virus and Anti virus
 
Web design premium
Web design premiumWeb design premium
Web design premium
 
cybercrime survival guide
cybercrime survival guidecybercrime survival guide
cybercrime survival guide
 
Malvertising: The Hidden Threat
Malvertising: The Hidden ThreatMalvertising: The Hidden Threat
Malvertising: The Hidden Threat
 
What is malware
What is malwareWhat is malware
What is malware
 
Unmasking Scam Websites: Ways to Safe Surfing
Unmasking Scam Websites: Ways to Safe SurfingUnmasking Scam Websites: Ways to Safe Surfing
Unmasking Scam Websites: Ways to Safe Surfing
 
Defend Your Company Against Ransomware
Defend Your Company Against RansomwareDefend Your Company Against Ransomware
Defend Your Company Against Ransomware
 
Ransomware attacks reveton
Ransomware attacks revetonRansomware attacks reveton
Ransomware attacks reveton
 
Malware Infections
Malware InfectionsMalware Infections
Malware Infections
 

Recently uploaded

Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 

Recently uploaded (20)

Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 

Malvertisement the covert advert

  • 1. Malvertisement: The Covert Advert Malvertising • Sounds like a mouthful, I know. • But it’s a word-blend (postmanteau) between Malware and Advertising. • To put it simply, the use of online advertisement to spread Malware www.izoologic.com
  • 2. Malvertisement: The Covert Advert www.izoologic.com • Malvertising is what occurs when online advertising is used to spread malwares. • Malvertising is what ensues when attackers purchase ad spaces in famous or legitimate websites and inject them with ads that are loaded with viruses, spywares, malwares and all sorts of cyber waste out there you’ve never even heard of. • Basically, any display advert that delivers a code-based threat to the visitor’s browsing session can be thought of as a malvertisement.
  • 3. How Does It Work and Who Are Affected? • I know, these attackers are quite “sneaky” and that’s true. That’s how they operate. • And they don’t really care if the sites are big shots like Google, Yahoo, Spotify, Ebay or even Reuters. • The more popular a website is, the more users they can infect. It provides them with a wider platform to push their attacks to unsuspecting web users who might not otherwise see the adverts, due to firewalls, more safety precautions or the like. www.izoologic.com Malvertisement
  • 4. Malvertisement: The Covert Advert So what goes down, exactly? • Attackers attach themselves on trusted, legitimate websites as bait. • These attackers aim for clean and reputable websites specifically those with lots of frequent visitors (e.g. Youtube, Spotify, NY Times, Yahoo, AOL, NFL, etc.). • Many websites, especially the large and popular ones with several thousands or millions of users per day, rely heavily on third-party vendors and software providers to display their adverts for them. This, in turn, reduces direct oversight and the amount of scrutiny that should that should take place security-wise. This kind of data automation makes online adverts vulnerable to malvertising. www.izoologic.com
  • 5. www.izoologic.com Malvertisement: The Covert Advert The websites themselves aren’t infected, and the advert publishers have no idea that they are blasting malicious content into potentially thousands and possibly millions of computers until it’s too late. Moreover, it has become quite a challenge for cybersecurity experts to properly identify exactly which adverts carry malicious contents because the adverts on a certain page change constantly. One user may get infected, but the next five, who visits the exact same page won’t be.
  • 6. I’m OK as long as I don’t click those ads, right? FACT: PCs can be infected pre and post-click. www.izoologic.com It is a very common notion that the actual malware infection happens when visitors to the infected site begin clicking on a malvertisement. But that’s not the case. Instances of these pre-click malwares include being incorporated in main scripts of the webpage or what we call drive-by- downloads. These malwares can be programmed to auto-run, , meaning it can automatically take a user to a different site entirely and that site could be potentially malicious. Malwares can also be programmed to execute in the delivery of an advert – wherein a clean advert that has no infection pre or post click (in its original design) can still be infected whilst being requested. Malvertisement: The Covert Advert
  • 7. www.izoologic.com Malvertisement: The Covert Advert Malvertising is a relatively fresh and perceptive approach for spreading malware and is even harder to prevent because it can work its way into a legitimate webpage and spread through a system unknowingly. An interesting thing about these infections via malverts is that it doesn’t require any clicking from the user to compromise the system and doesn’t expose any weaknesses on the website or even the server it is hosted from. The complexities of these infections are so diverse and yet its delivery is as simple as injecting through advertisement networks.
  • 8. www.izoologic.com Malvertisement: The Covert Advert Major companies and websites have had their share of challenges in battling the growing number of malvertising attacks, which hints that it’s not going away anytime soon.
  • 9. www.izoologic.com OK. How Can We Fend Off These Attacks ? Unfortunately, with this kind of attack vector, it’s quite difficult to defend ourselves against it head-on. But, there are a few things that we can do to possibly protect ourselves, if not, prevent these cyber-attacks from happening. Disable / Turn Off Java : In most cases, you won’t need Flash too. The less plugins you have installed or enabled, the lesser potential entry points you’re leaving for malverts.
  • 10. www.izoologic.com OK. How Can We Fend Off These Attacks ? Make sure your plugins are updated : If you must install plugins, make sure they are updated for them to be effective. Developers regularly issues updates to fix security gaps so make sure you install them. Make sure your browser is updated with the latest version : This is a no-brainer. Most cyber-attacks are often introduced via browsers due to security holes. It pays off to making sure you have the latest security updates installed.
  • 11. www.izoologic.com OK. How Can We Fend Off These Attacks ? Consider installing an Ad-blocker, Pop-up blocker or Anti-malware program : This is another option to fight off those nasty pop-ups and other malwares unknowingly creeping its way to your system. Get a decent Antivirus Software : Your first line of defense against viruses, malwares, and other forms of cyber-attacks.
  • 12. www.izoologic.com It’s important to keep in mind that at the end of the day, no matter what kind of device you use, you just need to be aware and be mindful of the sites you visit, the apps or programs you install, and how it affects your privacy. Always make sure you are updated and well-informed with the latest trends and developments in Cyber Security here at iZOOlogic.com/blogs. Vince Luna iZOOlabs Security Response Malvertisement: The Covert Advert
  • 13. www.izoologic.com Level 1, 444 Castro Street, Mountain View, California, USA +1 650 396 3352 sales@izoologic.com