Malvertising on the Rise: How You Can Protect Your PCs

Just in case ya didn’t know, malvertising is the #1 way to get infected, due to the numerous security holes found in:

Adobe Reader (Acrobat)
Adobe Flash Player
Sun’s Java

Those are the top 3 applications being exploited right now.   You may be wondering how you got infected with a fake anti-virus program (for example) without ever clicking on any ad.  See the simple explanation below.

Here’s how Malvertising Works

  1. A legit website like CNN.com sells advertising space because it has thousands of views every day. (again, this is just an example)
  2. A malicious person or group purchases some of this advertising space and submits an ad that appears perfectly fine to the CNN.com advertising editors.
  3. The ad goes live.
  4. At some point the ad becomes malicious and starts scanning clients for outdated Adobe Reader, Adobe Flash or Java binaries.
  5. Once an exploit is available the malicious ad injects malware into the client’s PC.
  6. The anti-virus may or may not detect it; it’s really just luck.  If the threat is old, then there’s a good chance it will.  If it’s just a few minutes old then there’s a good chance it won’t.
  7. The ad may stay live for minutes, hours, days, etc. until someone notifies the webmaster of that domain.

How can you stop these attacks?

  1. Keep your Adobe Reader and Flash updated.  This is not exactly an easy task since Adobe seems to find security holes every other week.  Open Adobe Reader and click Help > Check for Updates (at the time of this writing I just discovered I had 2 waiting to be downloaded!).  Both programs do automatic update checking, however a lot of people just cancel the update.  Bad idea.
  2. When Java alerts you that an update is available then yes… install it.  Lots of my clients never install this update.  It’s really important that you do.
  3. Configure the Adobe Reader plugin in each of your web browsers not to load PDFs automatically.
  4. Browse the internet with Sandboxie as much as you can.  That goes for everyone who uses the computer.
  5. Always download and install your Windows Updates.
  6. Follow steps 1 – 5 and you’ll probably never experience the end result of a malicious ad.
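
A quick way to check steps 1 and 2 on a Windows PC, as an added example that is not part of the original post: this PowerShell script reads the registry uninstall keys, lists the installed versions of the three products named above, and flags anything below a minimum version you supply. The name patterns are assumptions about how the installers register themselves, and `REPLACE-ME` is a placeholder for the current version published by each vendor.

```powershell
# Added example, not from the original post: list installed Adobe Reader,
# Flash Player and Java versions and compare them with a baseline you supply.
# ASSUMPTION: the patterns match the DisplayName each installer registers.
# 'REPLACE-ME' is a placeholder; enter the current version from the vendor.
$baseline = @(
    @{ Product = 'Adobe Reader'; Pattern = '^Adobe (Reader|Acrobat)'; Minimum = 'REPLACE-ME' },
    @{ Product = 'Flash Player'; Pattern = '^Adobe Flash Player';      Minimum = 'REPLACE-ME' },
    @{ Product = 'Java';         Pattern = '^Java(\(TM\))? \d';        Minimum = 'REPLACE-ME' }
)

# 32-bit programs on 64-bit Windows register under WOW6432Node, so read both.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -and $_.DisplayVersion }

function ConvertTo-VersionOrNull([string]$Text) {
    # Returns $null instead of throwing when the text is not a dotted version.
    $parsed = $null
    if ([version]::TryParse($Text, [ref]$parsed)) { return $parsed }
    return $null
}

$report = foreach ($entry in $baseline) {
    $minimum = ConvertTo-VersionOrNull $entry.Minimum
    $found = @($installed | Where-Object { $_.DisplayName -match $entry.Pattern })
    if ($found.Count -eq 0) {
        [pscustomobject]@{ Product = $entry.Product; Installed = '(not installed)'; Status = 'OK' }
        continue
    }
    foreach ($item in $found) {
        $current = ConvertTo-VersionOrNull $item.DisplayVersion
        if (-not $minimum)             { $status = 'BASELINE NOT SET' }
        elseif (-not $current)         { $status = 'UNPARSEABLE VERSION' }
        elseif ($current -lt $minimum) { $status = 'OUTDATED' }
        else                           { $status = 'OK' }
        [pscustomobject]@{
            Product   = $entry.Product
            Installed = "$($item.DisplayName) $($item.DisplayVersion)"
            Status    = $status
        }
    }
}
$report | Format-Table -AutoSize
```

The script only reads machine-wide installs under HKLM, so a per-user install will not show up in the report.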

Optional – Run Secunia:

Used by millions of home users around the world, the Secunia PSI is a FREE security tool designed with the sole purpose of helping you secure your computer against vulnerabilities in programs.

If you have any questions leave a comment!




  • Silviu C.

    Turning off javascript in adobe’s reader also helps mitigate threats from maliciously crafted pdf files.

  • Matthew

    Norton Antivirus 2010 has a feature called Vulnerability Protection, so using that should help lots. Also having Malwarebytes with its IP blocking feature is also a must as it can block those sorts of threats too. In fact it’s constantly blocking IP addresses left, right and center even on the most seemingly harmless of websites so I assume it’s finding and blocking those threats automatically.

  • alv

    May you test the new Vipre 4, launched today?

  • Vilmis

    Very nice info Matt. Thanks!

  • Dario

    Also some other (32-bit only) great free sandbox alternatives: GeSWall and SafeSpace

  • RossN

    Thanks Matt! I think that Secunia PSI program is awesome.

  • http://www.myhelpfulnerd.com myHelpfulNerd

    SafeSpace looks really good. Thanks for the heads up Dario! I’ll have to test it out soon.

  • Dieselman

    Dario… SafeSpace is no longer supported. The product is dead and it eats up about 77,000K of memory.

  • Dario

    @Dieselman: You mean they will no longer update it? Too bad, looks really nice and seemed to work very well. I like it more than GeSWall and Sandboxie because of its neat interface and it was also easy to configure (add exclusion folders). Did not like the colored border though.

  • Dieselman

    All I need is my KIS.

  • ryan

    Love the new main page!

  • McAfee!!

    What happened to Malvertised.com? Do you not use it anymore?
    And I use McAfee Total Protection, and Threatfire. SiteAdvisor will tell me about malvertised sites. Plus I have the knowledge to identify malvertised sites. I ♥ McAfee!

  • malwarekilla

    @ryan – thanks man!

  • malwarekilla

    @McAfee – not sure what I’m going to do with that. I may just add it as a category on here instead.

  • malwarekilla

    @RossN – you’re welcome

