What is Malvertising and Why should I Care?
What point is there of putting four locks and a firewall on the front door and leaving the back door open? Malware is not injected into a system through the front door. Oftentimes, users are not even aware that an invasion took place, these are not like home invasions where the alarm is triggered and sirens go off.
Malvertising is the combination of malware (which is short for “malicious software”) and advertising to invade our mobile devices and the network systems of internet users and place potentially unwanted programs (PUPs) on a system to gather personal information.
Malvertising and Malware infusions are subtle; in most cases a user doesn’t even know anything has taken place. In fact, in most cases it doesn’t even require an action on the part of the user to get in. A simple mouse over of an internet ad, without so much as a click, can place malware code onto a system by infecting the browser and making its way into the system, slithering around and gathering information as quietly as a non-intrusive garden snake, only potentially much more dangerous. Most users won’t even notice anything different, not even a slowdown in their internet service.
What makes Malware so Dangerous?
Malware could include a virus, such as a Trojan, a worm, or spyware, adware, ransomware, or some other type of PUP. Potentially everything within an unprotected system is accessible to malware, from contact lists to passwords, to credit card and debit information. Through programs that gather information, everything is at risk.
Which Systems are Most at Risk?
All unprotected systems are potentially at risk; however, since there are now many more mobile devices than PCs and laptops, more and more devious hackers are creating malware for mobile devices because most users do not bother or don’t know how to apply security to their mobile devices. Some software interfaces for the operating system of mobile devices do not even have anti-malware capabilities yet. Furthermore, most users are more inclined to get the latest photo sharing app for their phone than protect the valuable information contained in that device.
The worst part of that irresponsible inaction by users is not only the vulnerability of their own devices but the fact that they are tied into their work system through emails and other corporate interactions. How safe are those systems that contain personal and financial data for all their employees, as well as the customers they serve?
Some corporations provide cell phones for their employees, but by and large it is a BYOD (bring your own device) environment.
What can be done to minimize the Risk?
The obvious answer is by installing an ad blocker and anti-malware software on all your devices. Two of the best anti-malware providers are Emsisoft and Malwarebytes Anti-Malware both provide protection for desktops, laptops, and some mobile devices. Additionally, utilize Emsisoft’s free Emergency Kit whether or not there are indicators of victimization. There is no download necessary to “scan for malware and clean infected computers.”
The less obvious steps to minimize Risk involve:
- be very leery of utilizing “free” WIFI particularly while sending or receiving corporate data
- keep all devices and systems up-to-date
- companies and corporations should consider using secure cloud storage to mitigate the possibility of compromises
- IT managers in companies and corporations should not allow access from devices that do not have anti-malware installed, iOS and Blackberry do not currently support anti-malware
- web developers must ensure back doors don’t exist or those are blocked
With the amount of advertisements on the internet it is critical to the protection of our personal data and financial systems to do whatever is necessary to secure and encrypt our systems and devices consistently and continuously, or risk severe losses. It’s too late after a compromise allows our bank account to be drained to close that back door or install anti-malware.