By: Tim O’Pry | Chief Security Officer
As tech terms go, this is one of the few that is a simple portmanteau, a combination of Malware and Advertising. As the name implies these are website ads that attempt to infect your system directly when you click on the ad or trick you into downloading malware. On the web, the majority of ads that are displayed on any page are delivered from an advertising network. The website owner has little to no control over this content other than to add that network to their site. The actual ads that are displayed are controlled by the ad network. Once a bad actor gains access to a network, they have the potential to infect users throughout the world.
What can the average user do?
- Don’t click on any ads. Clicking on any unverified link is risky, and Malvertising can be made to look like it is from any company: Amazon, Walmart – anyone.
- Use an ad blocker. There are numerous free blockers available. Adblock is one of the more popular and the one I use. FYI: There is a downside to ad blockers. Some websites (especially news sites), detect their use and will NOT load while the ad blocker is enabled. Fortunately, it is simple to temporarily suspend the ad blocker or exclude that site if it’s one of your favorites.
- Use endpoint protection (what was once called anti-virus) that looks for and blocks this type of exploit. The one I use and recommend is Webroot or Malwarebytes, but most of the major vendors offer this protection. Even with good endpoint protection, you should still avoid clicking on ANY link whenever possible. Links in email and on websites are the single largest vector for malware. If you don’t click, you don’t get sick. The 21st-century version of “Just Say No!”
As with all advertising, if it sounds too good to be true, there is a hook or it’s a scam. Malvertisers, after all, do not deliver on their false promises, they simply want to entice you into action.
As a Henssler client, should you have a cybersecurity-related question or concern, we are here to help! Contact us at firstname.lastname@example.org, or through your associate.