During our daily web routines (reading the news, doing some “Facebooking”, online banking or reading our Gmail) we are constantly visiting websites that show some sort of advertisement, usually on the right or upper side of the screen. Although I believe quality online content should not be free and qualified advertisement is a legitimate way publishers monetize their work, I am also concerned with the growing presence of malvertising.

Wikipedia defines malvertising as “the use of online advertising to spread malware”.

Malvertising is a fairly new concept for spreading malware and is even harder to combat because it can work its way into a webpage and spread through a system unknowingly: “The interesting thing about infections delivered through malvertising is that it does not require any user action (like clicking) to compromise the system and it does not exploit any vulnerabilities on the website or the server it is hosted from… infections delivered through malvertising silently travel through Web page advertisements” [Infosecurity]

What makes malvertising extremely effective (and dangerous) is the insane amount of technology attackers put into making infected ads appear on reputable and safe websites. There are many types of malvertising: pop-up ads, In-text or in-content advertising, web widgets, banners, third party ads, etc.

We browsers (Chrome, Firefox and Opera taking the lead) are now alerting visitors to sites with HTTPS security (SSL Certificates) that, even though the site might be “safe”, some parts or contents on the site might not be:

The problem is, it is very hard to know what parts of the site are unsafe, you probably really need to do something on that site and it takes around 4 clicks on very specific locations to even get to the message above. Regular users simply will not do this. I personally visit news sites like CNN on a daily basis and this warning is always there simply because they cannot guarantee all the ads that display on its site are not malvertising.

Any way to protect myself against malvertising?

Antivirus and anti-malware software are catching up with this trend and detection rates seem to be going up; however this only applies to premium or paid versions… with the freebies, well… nobody knows for sure.
Uninstall browser plugins that you don’t use like Adobe Flash.
Keep operating system and browsers up to date – this is now not as bad since almost all browsers update automatically and they tell you when to restart.

If you want to know more, check this excellent article from Forbes