A malvertisement (malicious advertisement) is an advertisement on the Internet that is capable of infecting the viewer's computer with malware. According to the network security company Blue Coat Systems Inc., malvertising is the current computer hijacking technique of choice for organized crime. Compromised computers can be used to create powerful botnets that can be used to carry out identity theft, corporate espionage or other illegal activity.
Malvertisements are commonly placed on a website in one of these two ways:
Legitimate advertisements: Initially, a criminal may place a series of malware-free advertisements on a trusted site that runs third-party ads and leave them alone for several months in order to establish a good reputation.Later on, the criminal will inject a malicious payload into the ad, infecting as many computers as possible in a short amount of time before removing the malicious code or discontinuing the ad. This type of attack is often run on websites that run third-party ads.
Pop-up ads: A pop-up ad can deliver a malicious payload as soon as the ad appears on the viewer’s screen. Scareware, which is malicious code disguised as an anti-virus application, is often delivered through pop-up ads. In some cases, the malware will execute when the viewer clicks the “X” to close the pop-up window.
By infiltrating popular syndicated online ad services, thousands of sites can be infected at once. Unfortunately, websites that run third-party ads can do little to protect their visitors because syndicated ads are not under their direct control. In fact, the company from whom they receive the ads may use ads from other publishers, so the original source of the advertisements can be several parties removed. Malvertisement infections are becoming so prevalent that many security experts recommend that users block all pop-up ads and create an application whitelist that will only allow their computer to run programs that have been positively approved.