OCS banner and logo
Keeping clients' computers safe and profitable for over 30 years

Home Forms About Current Newsletter subscribe 
Search All Articles

Browse by Category

powered by pmc2m


Current biggest security threat - Malvertising

Probably the biggest current security threat for my clients comes from malvertising. Malvertising attacks get into your computer while hiding in advertising on legitimate websites. A recent report on a single gang of criminals gives you an idea what the hundreds or thousands of criminal malvertising gangs can do.

This group created 28 fake advertising agencies. They made web pages, Linked-In accounts, Facebook accounts, and created phony officers and boards. Then they bought advertising from legitimate websites and other ad platforms redirecting unsuspecting viewers to malicious scams peddling malware-laden software updates and installers. This single group displayed over 1 billion ads in 2017.

They didn't run all the scams themselves but were an agency directing victims to malware selling clients. They had a large miscreant affiliate network, which could each create their own subnetworks. The main page gave reports, statistics and other information useful to their subordinate networks. Typical payloads were fake Flash updates, Virus warnings, and Microsoft or Apple support warnings. Since they had information on what kind of computer the user had, they could tailor the attacks to the user.

What to do?

What can you do to prevent this?
  1. Never click on any ad. If someone advertises an update or says you have a problem, or you see an advertisement for something cool, then exit that site and do your own search, go to a known legitimate site, or call me and ask if something is safe.
  2. Always use an ad-blocker with your browser. I prefer ad-blockers that allow simple ads but block aggressive ones. So I use Cliqz as my browser which has that built in. For those who prefer Firefox or even Chrome, I recommend Ad-block Plus.
  3. Have Anti-phishing protection. Your Antivirus product and your browser should have anti-phishing enabled.
  4. A safe site checker like Bitdefender's TrafficLight is also useful. This is available free for Firefox, Chrome, and Safari. It works with searches done with DuckDuckGo, Google, and Bing.
  5. Use an Ad-Blocking privacy respecting browser. My recommendation is Cliqz which is based on the open source Firefox code and looks and acts much like Firefox. For ardent Chrome fans, Brave is an open source privacy respecting browser based on Chromium, so it looks and acts more like Chrome.

Further reading

Date: March 2018

Creative Commons License
This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.

  Please direct questions/suggestions about website to the webmaster