Just a tiny FYI....
Malvertising
(malicious advertising) is the use of online ads to spread and
install malware or redirect your traffic. Cybercriminals inject infected
ads into legitimate advertising networks that display ads on websites
you trust. Then, when you visit a site, the malicious ad infects your
device with malware — even if you don’t click it.
Here’s how a basic malvertising attack works:
-
A cybercriminal buys ad space on a website or from an ad network.
-
The cybercriminal supplies an infected ad to be displayed in the space they purchased.
-
The malvertising attack happens when either:
-
You click the ad, or...
-
The website loads the ad and your device is infected automatically.
Many infected ads can attack you on their own, without requiring a
click.
In reality, it’s often more complex than that. Due to the fragmented nature of online advertising,
your browser needs to contact a variety of ad-related servers when it
loads a website. One server delivers the online ads, another might play a
video ad, and a third server might trigger a pop-up. This happens again
when you click an ad as well.
Attackers can intercept these traffic requests from your browser and forcibly inject malicious code or divert your traffic somewhere else. This is how forced redirect ads work. During the online journey from your browser to the advertiser, the attacker intercepts your traffic and infects you with malware or sends you to an unwanted destination.
What’s the difference between malvertising and adware?
Malvertising is often confused with adware because both involve ads. The primary difference between the two comes down to the source of the attack. Adware is a type of malware
that sits on your device and causes you to see ads you otherwise
wouldn’t encounter. Conversely, malvertising ads are hosted on
legitimate websites — there’s no need for the malvertising attacker to
pre-infect your device before you’re shown a malicious ad.
When
hackers slip infected ads into the most popular advertising networks,
they can spread malware on some of the world’s most trusted and widely
read websites. Malvertising attacks have hit MSN, Reuters, The New York
Times, YouTube, Spotify, The Onion, and numerous other popular websites
and services.
__________________