Once upon a time, browsing the internet and avoiding malware was a relatively simple task. All you really had to do was be on the lookout for sketchy websites. And even then, when you did land on a sketchy one, you would only panic for the half-second it took for you to click the back button. After that, your blood pressure would teeter back off to normal levels and all would be right with the world.
Introducing Malvertising—the malware that poses as a legitimate ad and can affect your computer with no clicking or downloading necessary. This nasty form of malware can be found on any website (not just the sketchy ones). In fact, in 2015, many popular websites were unwitting hosts to Malvertising—including sites like Yahoo, Reuters, The Daily Mail, Perez Hilton, CBS Sports, Yahoo, and eBay.
If you’re not panicking yet, then just wait.
What makes Malvertising so vicious is that it can infect your computer with no action on your end. All you have to do is visit the host site. So, in theory, if you visited the UK website, Daily Mail, in October of last year when they were infected with Malvertising, you may have been subjected to a drive-by download, which exploits outdated software or apps to infect your system with a virus. If you had actually clicked on the ad, you would have been exposed to an unpleasant form of ransomware called the Angler Exploit Kit.
According to Wired Magazine, Malvertising is considered a “sweet spot” for many cyber criminals because it yields great returns and is almost entirely anonymous. It yields great returns because it is a direct line of attack that most people won’t be able to recognize, and it is almost entirely anonymous because the ads rotate quickly and can be purchased through illegitimate means such as stolen credit card information (which means it’s nearly impossible to trace).
Now the question you should be asking yourself right now is how do I avoid Malvertising? And you may not like the answer. You see, the only way to proactively avoid this form of malware is to always keep your system up-to-date—this includes your anti-virus, as well (something you should already be doing) and this requires you to work a little.
If you don’t allow automatic updates to your browser, operating system, or security solution, then you need to make sure you proactively seek out updates on a continual basis. Think of it this way: Updates make your system whole. When you miss or postpone critical updates, you create holes in your system that grow bigger each day. These holes serve as entry points for hackers and cyber criminals.