Malvertising: how to protect your computer

Over the years, the internet’s potential has continued to develop and has given marketers even more possibilities. One of the classic ways of advertising is to have banners along the sides of each webpage, which usually contain a link to the provider. But for many years now, internet criminals have taken advantage of this kind of online advertising by hijacking innocent advertisements and infecting them with malicious software for weeks and months at a time. In IT circles, this compromised advertising is called 'malvertising' and is proving very challenging for marketers and webmasters.

Our article explains what malvertising is, how it works, and how you can protect your computer.

What is malvertising exactly?

The term malvertising is a portmanteau, made up of the word 'malware' and 'advertising'. The purpose of this kind of malicious software is to infect a computer or network via existing advertising banners on the network. There are many ways in which internet criminals can do this: infecting websites through malvertising is just as possible as infecting an entire advertising network and spreading harmful code over it.

When a visitor clicks on one of these banners, malicious scripts, Flash applications, and others, programs are automatically executed. These then infect the computer with viruses or Trojans. Often, unsuspecting victims are also redirected to untrustworthy or manipulated websites after clicking on the ad. Sometimes simply accessing a website, which has a manipulated banner on it, is enough to infect your computer. This is known as a 'drive-by download'.

How real is the threat of malvertising?

Internet criminals use popular, well-known websites to distribute their malvertising. This means that any website that offers advertising space can be affected. To what extent this is possible is seen in a recent example from the US: security experts revealed in 2016 that even large and well-known platforms such as AOL, BBC, and the New York Times had already been affected by malvertising. The Angler exploit kit systematically exploited the security flaws of Adobe Flash and Microsoft Silverlight in order to spread the encryption Trojan, TeslaCrypt, to unsuspecting victims.

In early 2016, MSN also fell victim to malvertising. Conquering this site alone meant that internet criminals had an enormous reach – it didn’t matter if only a fraction of the visitors had manipulated banners displayed to them and if even fewer clicked on them. Figures show just how serious the threat of malvertising has become. According to a survey by RiskIQ,, there was a 132% increase in malvertising in 2016 compared to the previous year. Out of two billion advertisements, it’s safe to say that an average of one in every 250 is infected.

By infecting well-known websites with large reaches, criminals can kill two birds with one stone: on the one hand, they take advantage of these popular sites where visitors are more inclined to trust the ads, and on the other hand, they can reach more people. In the early days of the World Wide Web, it was usually websites with pornographic or criminal content (i.e. pirate sites) that were affected, but now internet criminals also target users with normal surfing behavior.


According to a report by RiskIQ, there was a 132% increase in malvertising in 2016 compared to the previous year.

How does malvertising work?

There are several ways that malvertising leads to your computer becoming infected: it can be triggered by a careless user or can happen without any help. Security gaps and installed plugins are often exploited as well as outdated versions of software. Internet criminals frequently exploit security gaps in Flash, which is now being used less and less because of this reason, and is instead being replaced by new HTML5 standards.

A scenario that could activate malvertising is when the visitor clicks on the manipulated banner ('post click'). The victim won’t have a chance to do anything about it since the malicious code will either be executed immediately, the user will be forwarded to a spam website, or a download will begin. Various forms of malware are also hidden in Flash files. The malicious software used in malvertising can be any form of malware imaginable: from classic viruses to ransomware, and from spyware or keyloggers, which spy on the data of their victims.

However, 'pre click', even before the user has clicked on a banner, can run unwanted scripts. With this method, the malicious code is executed via a drive-by download. Different forms of malware can make life difficult for the user and infect their computer.

How do criminals manage to place their malvertising?

In addition to hacking individual websites and preparing banners, criminals have long found another, more effective method of placing malvertising on renowned web platforms: advertising networks. These act as mediators between advertisers and the publishers that rent space on their websites. Criminals take advantage of the fact that it’s so easy to get their ads on these sites. Many sites don’t have a way of checking ads and criminals simply have to register and pay the fee to advertise. By means of so-called ‘programmatic advertising’, the advertising is even automatically placed in real-time via a bidding process, meaning there’s barely any control over what gets shown.

This is how criminals manage to get their malvertising displayed to millions over the space of weeks or even months, before being discovered. By then it is often too late for many victims. It’s made even more difficult if cyber criminals have given false information when they registered on the network. Identity theft, which is when victims are spied on and their identity is stolen for criminal purposes, means that criminals stay anonymous and pay the advertising fee using stolen credit cards.

Protection against malvertising: take these measures

Since malvertising can also spread viruses and malicious software through legitimate websites, every internet user is potentially at risk. However, this doesn’t mean that you’re powerless against the dangers. It is important to have an effective antivirus program installed on your computer as basic protection. Programs with real-time protection ensure than no external access is possible, and prevent the unauthorized execution of malicious software. Likewise, an activated firewall is essential for protecting against unauthorized network access. We offer a selection of recommended antivirus software here.

So that the protection is half-way reliable, the antivirus software needs to be kept up-to-date, which means you continually have to install updates. The same applies to the firewall, the operating system, the browser used, as well as the plugins installed. Since viruses and Trojans spread via malvertising when security gaps in software are exploited, it is extremely important to always work with a current version, which continues to receive security updates from the manufacturer. This minimizes the risk, since many gaps will have been closed in the latest versions.

In addition, some browser plugins can help by providing additional protection e.g. Firefox has the 'NoScript' extension, which blocks JavaScript, Flash, Silverlight, as well as Frames and iFrames optionally. With these or similar plugins, you can prevent cross-site scripting (XSS) as well as many forms of malvertising. XSS refers to the exploitation of security gaps and the introduction of malicious code into originally trustworthy environments. With the browser extension 'NoScript', you can also execute a whitelist and deactivate the general block on selected pages (temporarily).

Plugins, such as Adobe Flash, which are known for their security gaps, should not be installed if it can be helped. If you do want to use these plugins, you should activate the click-to-play function in the browser. This means that plugins are only executed with your permission.

Adblocker prevents advertising banners, pop-ups, etc. from being displayed and offers additional protection: if all forms of advertising are blocked, then no malvertising can be displayed. In many cases, this prevents at least post-click malvertising, since malicious code is only executed after the banner has been clicked on. However, Adblocker does have a drawback: since most free websites finance themselves from ads, many of these plugins are not welcome on these sites – especially journalistic ones - and must be deactivated. If you don’t deactivate them, you might find the entire content is blurred on the pages that you’re trying to visit. Adblocker does, however, offer the possibility to place selected pages on a whitelist and to specify exceptions.

Malvertising: impact on online marketing

The increasing spread of malvertising has also had a significant impact on online marketing: up until recently, displaying advertising on sites with a large reach and/or target group was a great way to reach people and attract attention, but with malvertising increasing, it means that this method isn’t as reliable as it once was. Thanks to this form of malware, many users are becoming more and more skeptical about online banner advertising. They revert to Adblocker to get rid of obtrusive advertising, for data protection, and for better performance and security reasons, and as protection against malvertising. All this comes in addition to banner blindness. This refers to the increasing blindness of internet user, since they tend to automatically ignore anything that looks like advertising. Marketers therefore need to find a way around this.

To react to these trends, new marketing measures and more innovation forms of advertising are required to attract and retain customers. To name just a few options for the diverse online marketing mix: interesting and helpful content, such as stories, can catch a potential customer’s attention. Native advertising (advertorials, sponsored posts) on blogs and other sites with a large reach, is an example of how to win customers back. Interesting content can be spread over social media channels, and if it is shared by users, is more likely to be noticed than the usual advertising banners. Make sure that you label these posts so you can’t be accused of product placement.

Influencer marketing also goes hand in hand with these methods: the aim is to find authentic brand ambassadors who represent a brand and the products authentically on social media. SEO (Search Engine Optimization) and SEA (Search Engine Advertising) are disciplines that can be used to generate attention via search engines.

The fact is: malvertising weakens the power of advertising banners as marketing tools, makes marketers come up with more creative ideas, and requires them to use new communication measures. Malvertising therefore has a direct influence on the world of online marketing, but it weakens the effect of classic banner advertising that’s become so wide-spread.