What is malvertising?
Malvertising is usually done by hiding malicious code in relatively safe online ads. These advertisements can result in a victim receiving unreliable content or directly infecting the victim's computer with malware that can damage a system, access sensitive information, or even control the computer remotely.
Malvertising relies on advertising for social networks or user-provided content publishing services. Malvertising can contain preinstalled malicious programs that are set to start via payloads at specific dates and times.
Typically, malvertising ads contain active scripts that download malware or force unwanted content onto the victim's computer. Malvertisers mainly use Flash and Adobe to spread malware as both applications are very popular with internet users and are very vulnerable to security breaches.
Malvertising is immune to encryption tools like Adobe Shockwave Flash (SWF). Malicious ads contain Flash ActionScript exploit code that corrupts SWF files. The SWFIntruder tool is an analysis kit that software security administrators can use to detect malvertising. It was developed by the Open Web Application Security Project (OWASP).
Ad rotators use geo-targeting technology to perform predefined malvertisements that target users from specific countries and make it more difficult to detect attacks.
Since malvertising is included in websites and SWF files, anti-malware tools must be used to avoid the harmful effects of malvertising for the following reasons:
- To distinguish between legitimate and malicious advertising
- To track malvertisements and related IP (Internet Protocol) ranges
- To identify suspicious flash files
- To check malicious website content