SME Times is powered by   
Search News
Just in:   • India needs to diversify export portfolio: Report  • Domestic airlines to fly 12,983 flights per week this winter  • New energy policy won't violate deals with US, Canada: Mexican Prez  • 'Digitisation need of the hour for logistics sector'  • KTR calls for empowering states to boost country's growth 
Last updated: 07 Jun, 2016  

nilesh-jain-trend-microTHMB.jpg What happens when online ads attack: Malvertising?

fa07062016.jpg
   Top Stories
» India needs to diversify export portfolio: Report
» 'Digitisation need of the hour for logistics sector'
» 'IBC raised confidence of all investors in economy'
» Relief to borrowers on loans not repaid during 6-month moratorium
» GST return filing deadline extended, again
Nilesh Jain | 02 Jun, 2016
Google defines 'Malvertising', a term coined from the combination two words, malicious and advertising, as - the use of online advertising to spread malware.  Malvertising involves injecting malicious or malware-laden advertisements into legitimate online advertising networks and webpages.

Delving deeper into Malvertising

This is yet another form of cyber-attack gaining prominence in the realm World Wide Web after the widely discussed cyber-attacks like Ransomware etc. Through such attacks, cyber-criminals aim at compromising web browsers and its plug-ins. Embedding attacks in legitimate websites using third party ad networks is becoming an increasingly popular type of Malvertising. However, it is to be understood that the basic problem doesn't lie with the ads. It is the vulnerable software of the PC or the laptop that gets compromised after clicking the link of a malicious ad. Even if all ads vanished from the web overnight, the core problem would still remain.

Classifying Malvertising  

Malvertising can be categorized into two categories, depending upon the way an attacker chooses to attack and compromise systems. One is by attempting to trick you into downloading and running something malicious. The second is by attacking your web browser and related software like the Adobe Flash plug-in, Oracle Java plug-in, and Adobe PDF reader. These attacks use security holes in this software to force your computer to download and run malicious software.

A vulnerable system would allow an attacker to compromise and infect a system by simply visiting a web page with malicious code. The cause of vulnerability in a system could be attributed to two reasons; first could be because an attacker knows a new zero-day vulnerability of the users system. Zero-day vulnerability is basically an uncovered or unprotected vulnerability of a computer's software that hackers can exploit to adversely affect computer programs, data, additional computers or a network. The uncanny name 'Zero-day' has been derived from the fact that once an attacker has exploited the vulnerability, the software coder has zero-days i.e. no time left for any damage control. Moving on, the second reason behind a system's vulnerability could be simply because the user did not install security patches in the system to keep it protected.  

Easy hacks against Malvertising

Although cyber-criminals are on a constant lookout for loopholes to hack into a system, there are certain easy hacks that could help users fortify their web browser and protect themselves against the most common attacks online.

The foremost and easiest way is to enable click-to-play Plug-ins. A web page that contains a Flash or Java object doesn't run automatically unless the user clicks on it.

Almost all malvertising, use these plug-ins, so this option should protect users from almost everything. Contrariwise, Disabling or Uninstalling Plug-ins not used frequently, including java, could reduce the attack surface, giving attackers less potentially vulnerable software to target. For instance, Java browser plug-ins has been an unending source of vulnerabilities is used by few websites. Nonetheless, if there are Plug-ins that users wish to keep installed, it is vital that they ensure it is regularly updated with the latest security patches. Google Chrome automatically updates Adobe Flash, and so does Microsoft Edge. Internet Explorer on Windows 8, 8.1, and 10 automatically updates Flash, too. If you're using Internet Explorer on Windows 7, Mozilla Firefox, Opera, or Safari, ensure Adobe Flash is set to automatically update.

It has been observed that currently, maximum malvertising attacks have been performed against Windows computers. However, that does not give users of other operating systems a reason to be reluctant about the same. Bearing in mind that websites are hacked every day, a reluctant assumption that a mere adblocker is capable of protecting a computing device from expert hackers is a false sense of security. If a hacker identifies vulnerability in a system, even a single click could prove to be treacherous.

Conclusion

Malvertising is becoming a tough nut to crack, ensued by its disturbingly pervasive nature. Curbing it would require a combined effort of all stake holders in the ecosystem that comprises web site operators, ad networks, consumers and business audiences, striving to defend personal information and important data and neutralize the next data breach well in advance.

(Mr. Nilesh Jain is the Country Manager (India and SAARC), Trend Micro. The views expressed are personal.)

 
Print the Page Add to Favorite
 
Share this on :
 

Please comment on this story:
 
Subject :
Message:
(Maximum 1500 characters)  Characters left 1500
Your name:
 

 
  Customs Exchange Rates
Currency Import Export
US Dollar
66.20
64.50
UK Pound
87.50
84.65
Euro
78.25
75.65
Japanese Yen 58.85 56.85
As on 26 Oct, 2020
  Daily Poll
COVID-19 has directly affected your business
 Yes
 No
 Can't say
  Commented Stories
» 'Centre open to further economic stimulus'(1)
» Delay in dealing with GST refund delays(1)
» NPAs hurdle to banks' rate cut transmission(1)
 
 
About Us  |   Advertise with Us  
  Useful Links  |   Terms and Conditions  |   Disclaimer  |   Contact Us  
Follow Us : Facebook Twitter