Advertisements on the internet are no longer just a nuisance. They are now also potentially dangerous. Even sticking to widely used and trusted websites can be risky, as the banner ads they contain may be carrying malicious code.
“Malvertising”, a combination of “malware” and “advertising”, is the technique of using trusted ad networks to deliver malware-loaded advertisements to users on trusted websites. This is not a new technique, but over the last couple of years its use by cybercriminals has grown exponentially because it is so effective.
According to David Kennerley, Sr. Threat Research Manager at Webroot: “Malvertising is a big problem and its return on investment for fraudsters suggests it’s not going away anytime soon.”
Most websites that have advertisements use “ad networks” to manage those ads, giving the site options for what type of ads to deliver to visitors. In a malvertising scenario, a cybercriminal will either hack into an ad network’s server or even sign a fraudulent contract with an ad network, posing as an advertiser in order to gain trust. They will then upload a seemingly legitimate advertisement that is loaded with malicious content, such as a Flash or JavaScript exploit. The ad network unwittingly adds this malicious ad into its database so that its customers can choose it as one of multiple rotating ads. Alternatively, the ad can take more of a social engineering approach and appear on your screen based on your browsing habits, which are tracked by tracking cookies.
“Unfortunately, simply keeping to trusted websites no longer means you’ll stay safe,” said Kennerley. “The outsourced, distributed and chaotic nature of the online advertising industry means that even the world’s most popular websites have no visibility on the ad content displayed on their pages or its original source.”
In recent months, an additional level of complexity has been employed in these types of attacks: “Fingerprinting”, a method of uniquely identifying computers based on meta-data and file dumps. As online advertisers move away from human transactions and toward real-time ad bidding, cybercriminals are finding ways to better target their victims. Ad networks provide user meta-data to advertisers so that they can better advertise to consumers, but this same data can be used by cybercriminals to identify systems that can be exploited. For instance, if the meta-data reveals that a PC’s Adobe Flash is not up to date and a known exploit exists for that version of Flash, cybercriminals will identify that PC as a target for attack.
In addition to identifying potential victims, cybercriminals also use fingerprinting to identify networks and devices to avoid. For instance, if they choose to target only people in specific countries and avoid people in their own country, they can do so using geolocation data. This technique has also been used to evade security researchers by avoiding networks of security companies, making it more difficult to replicate and research these types of attacks.
With malvertising gaining popularity among cybercriminals, protecting yourself from this type of attack is critically important. “Internet users should keep their browsers fully patched, with appropriate in-built phishing and malware protection switched on,” advised Kennerley. “Browser add-ons should be kept up-to-date, with auto-play turned off; or better yet, disable or remove these commonly exploited add-ons completely. Ad-blocking software is becoming a must and of course a strong endpoint protection product is essential.”
Excellent article. One to pass on to others. Will keeping Webroot up to date be enough to keep my computer safe?
How is Webroot protecting its customers against this sort of attack?
Ryan,
The important thing to note with this is while we cannot protect the actual website that the malicious ad is hosted on, any attempt to load malware or execute on your machine from that site would be blocked by us. Attacks in this fashion are a good example of why it is becoming so important to have an antivirus application. As a side note, if you are interested, I would advise taking a look into the advancements that malware authors are making in regards to steganography. Don’t hesitate to let us know if you have any additional questions. We are always happy to assist.
I am experiencing a huge problem with this. So much that I am no longer even able to go online on my computer. I’ve tried everything that I know to get rid of it. What steps can I take to block these ads?
Most ads are not associated with malware. Many are caused by potentially unwanted applications. If you use Webroot it would be advisable to reach out to our support team using one of the methods below:
Support Number: 1-866-612-4227
Support Ticket: https://detail.webrootanywhere.com/servicewelcome.asp
You can also utilize a popup blocker such as Adblock Plus, however that won’t stop ads caused by PUAs.
Have been most impressed with Webroot since signing up with you when we purchased our new HP All-in-One Pavilion 23 from, yep you guessed it, Best Buy. Webroot and Geek Squad are an excellent match!
Thanks Paul! We certainly appreciate the kind words and are glad you’ve stuck with us! Have a great weekend!
I have been using Webroot for at least 10 years. Also, buy my computers from Best Buy. BUT, I finally realized that using the Geek Squad is the worst way to address any problems. 1st of all, you will usually get “outsourced” operators. I call Webroot Tech Support directly, 1 866 612-4227. I understand them, they understand me. Just saying…
And P.S., the reason I have used Webroot for such a long time is I feel safe with them. Any problems I have had, which have included being hacked, and other security problems have always been quickly resolved through them. Win, Win.
Thanks for posting this article. I have noticed over the past year especially that even supposedly trusted sites have been cluttered with banner ads that looked fishy. I am going to read more on this and hopefully protect myself be.
No problem Tim! Thanks for reading. It’s definitely a sad state of affairs with the amount of ads on just about every website now. It’s important to note that while an ad may be malicious, we will still stop an attack made on your PC from things such as this. Have a great weekend! 🙂
Nope. No product will stop all threats, but Webroot is one of the best.
Thanks for the feedback John! We certainly try our best. Hope you have a great weekend! 🙂
Does Webroot Secure Everywhere have an ad blocker? Is it a strong Endpoint Protection Product? If not, how can I protect myself?
Hello,
We currently do not offer an ad blocker. If I say that our Endpoint Protection is top notch that would be a bit biased though considering I am an employee. I would advise taking a look at some of our reviews and testimonials to make a decision. In regards to the ad blocker, I would take a look at Adblock Plus or even ask some of our power users on our community what they use. You can locate our community at https://community.webroot.com/t5/Home/ct-p/consumer
In addition to Webroot, on three PCs I use the pro version of Malwarebytes and Malware Anti Exploit, and run the paid version of Super Anti Spyware every day. Also, on a daily basis, HitMan Pro, a second opinion anti malware product that uses Kaspersky and Bit Defender malware databases. I’ve used many anti virus products over the years but Webroot protects very well and seems to require the least attention.
Thanks for the feedback Chris! Also, exceptional advice. Have a great weekend! 🙂
Can you please look and see what coverage I currently have and let me know if I need more. I am 73 and I need your advice. Thank you!
Patsy Cox
Patsy,
Please email me at communitysupport@webroot.com and I can help you with this.
Bit ironic that this article came out today, as I had this type of attack happen yesterday on a trusted website I use every day. As soon as the page loaded, it redirected to a fake Flash update website and Webroot instantly flagged the temp file.
The Malvertising is scary to say the least. I appreciate having Webroot watching my back. I always look for spelling and grammar errors, but there’s always the chance some crap can sneak in.
Thanks Webroot!
As a tech family, we have multiple computers, tablets, and cell phones. I have used Webroot for years without one infection. It doesn’t bog my units down like the competitors. I will be using it for years to come. I will be looking more into the article you wrote. Thanks for a great product and great service.
Hey Barry,
Thanks for the great feedback and for sticking with us! I hope you have a great day! 🙂
My junk mailbox is so full of mail that I can’t delete each one. I have been reporting phishing, but a friend tells me that only lets the “phishers” know that they reached a “live” address. What is the recommended way to get rid of these or should I just ignore rather than empty the junkmail daily?
Also, I have a different email address than the one you mail to. Is there a way to transfer your notifications etc to that address? The address I entered below is the one you currently have.
Penny,
Unfortunately it is the responsibility of the email service provider to filter that for you. It’s also important to never disclose your email address anywhere publicly such as a forum or Facebook. Please email me at communitysupport@webroot.com and I can look into updating your email in our system.
I’ve kept saying that most of the ads on websites nowadays were scam ads.
We have Webroot on our HP laptop. Love Webroot and Geek Squad. My question is how do I get it loaded onto my Samsung cell phone and my Samsung tablet? I know I can have 3 devices using my subscription, but I don’t know how to do it and I think these other devices should be protected, right?
Karen,
You can locate our instructions for this at http://www5.nohold.net/Webroot/ukp.aspx?pid=12&login=1&app=vw&solutionid=861&donelr=1
If you require assistance setting it up and are unable to, shoot me an email at communitysupport@webroot.com and I can walk you through the process. 🙂
This blog makes me very thankful that I have Webroot to protect my computer from these cybercriminals.
I had a problem with this. Your people were very nice and helped me clear my PC, and explained what was happening. Thanks so much for the great service.
No problem Liz! We are always happy to assist! I hope you have a lovely day! 🙂
I’m a long time Webroot user, over 7 years of loyalty. I love this company and I think it’s a great source for antivirus. I’ve sold it and customers home by simply showing them it stops mistyped websites from appearing, it tracks user information on your mobile device to protect you from public networks, and it even takes less memory to operate than other commonly used antiviruses.
I am, however, a bit confused, as of recently I ran into three different systems running Windows 10 latest build where Webroot caused Sub wireless keyboard to blue screen of death. This is a known issue on Microsoft forums and is deterring people from finding out how awesome Webroot really is. I hope they can figure it out so this doesn’t hurt their company.
Clint,
This is an issue that we are aware of and currently working on a fix for. This should be resolved very soon. Thank you for providing this feedback for us! 🙂
Thank you so much for contacting me re this problem. I am sometimes on computer for 3-4 hrs. and notice clicking on what I call, sidebar ads, makes my computer act a little “crazy” AFTER DOING SO, such as having my arrow stop working or actually freeze, or disappear so that I have to use my finger to negotiate closing my computer, then immediately using Webroot to clean my computer after coming back on line. Do you think this is a form of Malware, or do I have something wrong, perhaps, with my computer that I don’t know about? I have tried to update to Windows 10, which takes forever, stops at 84% complete and will not go beyond that point. Do I have malware? I have plenty of gigs to support Windows 10, and it is free version offered to me via my Microsoft Downloads. Am afraid to use two malware protectors because my computer crashed once and was told the two fight each other and never to use two on same computer at once. I’m in seventies and not familiar w/everything but I try. Any suggestions at all would help. I advertise Webroot to all my friends and they love it. L.L. (3 year user).
Lorraine,
This is likely not malware. It sounds like you are experiencing issues associated with a Potentially Unwanted Application or PUA. You can learn about removing these at https://community.webroot.com/t5/Techie-KB/How-to-Remove-Potentially-Unwanted-Applications/ta-p/40744
I run ad blocker software on the computer besides Webroot and will myself not serve any ads from third parties on my websites until they get their house in order.
Great advice Marc! Thank you for sharing! It’s definitely something that needs to be addressed by all parties involved.
I am worried about all the pop up ads on my PC. How can I stop this?
Donna,
Usually popups are caused by Potentially Unwanted Applications that have been installed with user consent. You can learn more about these and how to remove them at https://community.webroot.com/t5/Techie-KB/How-to-Remove-Potentially-Unwanted-Applications/ta-p/40744.
If you use Webroot and you are unable to do this, please reach out to our support team and we can help you free of charge.
Hey James, do you have version for iOS?
Hey Jay,
We currently do not have an antivirus application for iOS as it is very secure without one. We do however offer the SecureWeb Browser for free which can secure your browsing. This is especially important when using public wifi or traveling.
Does Webroot have a program for smart phones? My new Samsung Galaxy 7 flashes up ads all the time. AT&T told me that I had downloaded a site that did this but I haven’t downloaded anything that I didn’t have on my old Galaxy 4.
Hello,
We do offer an application to protect your device. We also have a free one that works wonderfully. If you go into the Google Play Store and search for Webroot Security Free you can locate our free app.
I just paid to have my computer cleaned up after being hit with a malware infection! Do you have a program to prevent that in future & if so, what is the cost of it?? The techs say it is nearly impossible to avoid malware on the computers due to the sophistication of the hackers’ methods! Yikes!!
Jackie,
Are you sure that the company you dealt with was a legitimate provider of support? If you saw a popup with a number to call, that is a scam. It is not impossible to protect against malware. Using an antivirus program certainly helps as well. If you use Webroot, we offer free support for all of our products.