User:Mcapdevila/Sandbox

This is the user sandbox of Mcapdevila. A user sandbox is a subpage of the user's user page. It serves as a testing spot and page development space for the user and is not an encyclopedia article. Create or edit your own sandbox here.

Other sandboxes: Main sandbox | Template sandbox

Finished writing a draft article? Are you ready to request review of it by an experienced editor for possible inclusion in Wikipedia? Submit your draft for review!

Malvertising (from "malicious advertising") is the use of online advertising to spread malware.^[1]

Overview

Malvertising involves injecting malicious or malware laden advertisements into legitimate online advertising networks. ^[2] Online advertisements provide a convenient platform for spreading malware because significant effort is put into attracting users to them in order to gain revenue. ^[3] Because advertising content can be inserted into high-profile reputable websites, malvertising provides malefactors an opportunity to "push" their attacks at cautious web users who would not normally visit unknown external URLs, by exploiting the reputation of the website and the allegedly advertised brands to convince them that they are visiting legitimate advertisements.^[4]^[5] Malicious agents can then redirect users to sites that contain malware.

Redirection is built into online advertising, and this type of spread of malware is often successful because users expect a redirection to happen. A redirection that is taking place only needs to be co-opted in order to infect a user's computer. In several cases, the victim need not follow the links presented. Instead, the malicous ad contains a drive-by download by using flash scripts.^[6]

Examples

Several popular websites and news sources have been victims to malvetising and malicious adware placed on their website unknowingly, including Horoscope.com and The New York Times webpage.^[7]

The banner feed of The New York Times was hacked, causing some readers to see advertisements telling them their systems were infected and was trying to trick them into installing infected software on their computers. According to spokeswoman Diane McNulty, "the culprit approached the newspaper as a national advertiser and had provided apparently legitimate ads for a week", and the ads were switched to the virus alert malvertisement after. The New York Times suspended third-party advertisements to address the problem, and even posted advice for readers regarding this issue on its technology blog. ^[8]

Another example of Malware advertising is the gaming site "Mighty Magoo". They will propose advertising links to download their malicious toolbar and will also contribute to infringing popular trademarks of Nintendo and Sega. Their program is infected with a Malware virus called adware.magoo that appears to be nearly impossible to remove without their own way of removing the program. Mighty Magoo has also advertised on YouTube where their "Super Mario" game has been advertised on Mario videos. They have yet to be prosecuted for their copyright infringements and unlicensed games.

Types and Modes

Just by visiting websites that are impacted by malvertising puts users at risk of infection. There are many different methods used for injecting malicious advertisements or programs into webpages:

Pop-up ads for deceptive downloads, such as fake anti-virus programs that install malicious software on your computer. ^[2]
Drive-by downloads. ^[2]
Web widgets in which redirection can be co-opted into redirecting to a malicious site. ^[3]
Attackers embed hidden iframes that spread malware into websites. ^[3]
Content Delivery Networks (CDNs can be exploited to share malware. ^[3]
Malicious banners on websites. ^[3]

Impact and Consequences of Malware

There are many consequences to not being aware of this issue. If malware gets on your system, the hacker could have access to personal information and users could be at risk of identity theft. They can also track and monitor your internet activity, and viruses that may make your computer unusable.

Preventive Measures

There are several pre-cautions that people can take to lessen their chances of getting tricked by these advertisements. Besides just learning about them, users can download internet browsers that can detect websites that have malware advertisements on them, such as Internet Explorer 9 or Google Chrome, which "includes some security advances that make attacks more difficult." Commonly used programs such as Adobe Flash Player and Adobe Reader can have their flaws exploited, and become vulnerable to attacks, so it is important to keep them up-to-date. ^[9] Users can also download anti-virus software that protects against threats and removes malicious software from your system. Lastly, users can push companies and websites to scan advertisements before making them active on their webpages. ^[2]

References

^ William Salusky (2007-12-06). "Malvertising". SANS ISC. Retrieved 2010-08-05.
^ ^a ^b ^c ^d Online Trust Alliance (2012-07-29). "Anti-Malvertising Resources". Online Trust Alliance. Retrieved 2013-25-5. {{cite web}}: Check date values in: |accessdate= (help)
^ ^a ^b ^c ^d ^e Sood, Aditya (2011). "Malvertising - exploiting web advertising" (PDF). Computer Fraud and Security: 11-16. Retrieved 26 February 2013. {{cite journal}}: Unknown parameter |coauthors= ignored (|author= suggested) (help); Unknown parameter |month= ignored (help)
^ Bobbie Johnson (25 September 2009). "Internet companies face up to 'malvertising' threat". The Guardian. Retrieved 2010-08-05.
^ "The rise of malvertising and its threat to brands". Deloitte. 2009.
^ William Salusky (2007-12-06). "Malvertising". SANS ISC. Retrieved 2010-08-05.
^ Johnson, Bobbie (Sep 25, 2009). "Internet companies face up to 'malvertising' threat". The Guardian. Retrieved 26 February 2013.
^ Picchi, Aimee (14 September 2009). "Malvertising hits The New York Times". The Daily Finance. Retrieved 26 February 2013.
^ Richmond, Riva. "Five Ways to Keep Online Criminals at Bay". Personal Tech. The New York Times. Retrieved 26 February 2013.

Categor:Advertising Categor:Malware Categor:Deception Categor:Phishing

[1] William Salusky (2007-12-06). "Malvertising". SANS ISC. Retrieved 2010-08-05.

[OTA-2] Online Trust Alliance (2012-07-29). "Anti-Malvertising Resources". Online Trust Alliance. Retrieved 2013-25-5. {{cite web}}: Check date values in: |accessdate= (help)

[CFS-3] Sood, Aditya (2011). "Malvertising - exploiting web advertising" (PDF). Computer Fraud and Security: 11-16. Retrieved 26 February 2013. {{cite journal}}: Unknown parameter |coauthors= ignored (|author= suggested) (help); Unknown parameter |month= ignored (help)

[4] Bobbie Johnson (25 September 2009). "Internet companies face up to 'malvertising' threat". The Guardian. Retrieved 2010-08-05.

[5] "The rise of malvertising and its threat to brands". Deloitte. 2009.

[6] William Salusky (2007-12-06). "Malvertising". SANS ISC. Retrieved 2010-08-05.

[Guardian-7] Johnson, Bobbie (Sep 25, 2009). "Internet companies face up to 'malvertising' threat". The Guardian. Retrieved 26 February 2013.

[8] Picchi, Aimee (14 September 2009). "Malvertising hits The New York Times". The Daily Finance. Retrieved 26 February 2013.

[9] Richmond, Riva. "Five Ways to Keep Online Criminals at Bay". Personal Tech. The New York Times. Retrieved 26 February 2013.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]