Online advertising is a necessary evil when it comes to funding online media. Unfortunately, this practice has resulted in malvertising: the act of embedding malware within legitimate websites. According to research from RiskIQ, a leader in digital threat management, malvertising saw a rise of 132% in 2016 over the previous year.

“Malvertising is so nefarious because it’s a direct attack on the lifeblood of the internet as we know it. Digital media marketing is what funds the ‘free’ websites we all know and enjoy online. The success of the internet and all the people that rely on it is inextricably linked to online advertising success and safety,” said James Pleger, threat researcher at RiskIQ. “Publishers, ad platforms, and ad operations teams need active visibility, forensic information, and mitigation capability to enable them to effectively detect and respond to malicious ads in the wild.”

Malvertising takes advantage of both users and the websites that they visit. The way it works is simple: a malware author purchases an advertisement block from a website. This typically takes the form of a banner advertisement, but AdWords links are also a popular choice. The type of malware and the methods of distribution vary. Many malvertisers embed redirect links that send a visitor to a website that immediately starts downloading the latest virus or piece of spyware.

A more recent addition to malvertising is the browser lock. This type of malware behaves like a less vicious version of ransomware. When a user is directed to a browser lock website, they are unable to close their internet browser by normal means. These websites are usually designed to scare a victim into a certain action, be it downloading a fake antivirus program or calling a “tech support” hotline for help. In either case, the malware distributor is able to force the user to download a malicious program or extort money from them.

Malvertising is particularly problematic because it can be difficult to avoid entirely. Over the last year, many mainstream and legitimate websites have been host to malware. The problem stems from the way ad networks work. When a malware author purchases advertising space, it is through an ad network that potentially hosts ads on hundreds of different websites. By the time the ad network discovers that one of the ads leads to malware, it has probably already been served to hundreds of visitors. Detection itself is often problematic because a malvertisement website will be set up to host malware only part of the time. At random intervals the website will switch between perfectly safe product promotion and malware distribution. The difficulty of detection has led even Google AdWords, a heavily monitored ad platform, to feature the occasional malicious ad.

The solution to the problem isn’t simple. In the short term, there are ways to avoid ad malware, such as browser-based ad blockers. The problem is that this ultimately hurts content creators. Websites depend on ad revenue to function, and without it users will be forced into a subscription-based content model or will have to give up much of the free content available today. In the long term, better methods of policing need to be implemented. In the meantime, be cautious when visiting website links or clicking banners, and if you do stumble onto something that looks suspicious, report it. The sooner a malvertisement gets flagged, the faster it can be removed.