Malvertising

In the 21st century, advertising forms a key method of marketing for commodities. With the advent of technology, it has expanded to the online world. Advertisements are regularly seen on any website for various goods and services. Clicking on the advertisement link leads to direction to the page of the company showing the ad. However, advancements in technology have also led to advancements in cybercrime utilizing advertisements. One such crime is “Malvertising”.

Malvertising, also known as malicious advertising, refers to advertisements, which are criminally controlled, and harm people and organizations via malwares, scams, unwanted programs and unlawful activities on the internet. It does not involve creating specific advertisements, but involves perpetrators adding malicious codes onto legitimate everyday advertisement networks. The malicious codes often redirect unsuspecting individuals to other malicious websites. Types of crimes committed via malvertising include identity theft, theft of personal information, financial theft, illegal encryption, spying on activities done by the victim and many others.

Those who profit from malvertising rely on two main methods to infect a system. The first one is where malicious code inserted into an advertisement which induces people to click on the ad. This may be in the form of alerts stating that there is malware in the system, or offering to try a free program. Clicking the ad link causes redirection or malware to be downloaded into the system. The second method is known as “drive by download”. Here, an infected ad uses background web pages to perform illegal activities. Any web page that hosts the infected ad serves as a background web page. Loading such web pages results in redirection to other pages, which access the system of the victim.

Prevention and mitigation of the risk of malvertising can be done by both individuals and organizations. Individuals can take measures such as installing antivirus software (which can offer some protection against certain drive by downloads), enabling ad blockers on browses, and frequently updating their browsers and plugins when the option to update comes up. Organizations can take measures such as scanning their advertisements so as to discover any malware or unwanted codes, or enforcing policies to show only certain file types in the advertisement.

It is in this author’s view that malvertising is an issue that needs to be combatted both at the individual level as well as the organization level. As stated before, preventive strategies can be undertaken by both individuals and organizations, as they can both be targets of malvertising. Taking preventive actions against the threat of malvertising not only protects the user from malvertising in itself, but also protects the user against other cybercrimes that can occur as a result of malvertising.

JEI SHRINIVAS SRIDHAR

1st YEAR STUDENT

SYMBIOSIS LAW SCHOOL, HYDERABAD

Citations:

https://www.imperva.com/learn/application-security/malvertising/

https://www.malwarebytes.com/malvertising/

JEI SHRINIVAS SRIDHAR is a 1st year law student. He is pursuing his BA.LLB at the Symbiosis Law School, Hyderabad. He is an excellent researcher, and is well known for his skills in Moot Courts and Model United Nations.

Leave a Reply

Your email address will not be published.