Malvertising - Revision history

User at 21:24, 17 January 2023

2023-01-17T21:24:40Z

User: The LinkTitles extension automatically added links to existing pages (https://github.com/bovender/LinkTitles).

2021-02-06T16:55:04Z

The LinkTitles extension automatically added links to existing pages (https://github.com/bovender/LinkTitles).

User at 15:01, 22 May 2020

2020-05-22T15:01:21Z

User at 14:49, 22 May 2020

2020-05-22T14:49:30Z

User: Created page with "'''Content Coming Soon'''"

2019-01-04T04:28:34Z

Created page with "'''Content Coming Soon'''"

New page

'''Content Coming Soon'''

@@ Line 1: / Line 1: @@
-'''Malvertising''' is a malicious cyber tactic that attempts to distribute malware through online advertisements. Online advertising is a vital source of income to many websites and [[internet]] properties. With [[demand]] higher than ever, online networks have become expansive and complex in order to effectively reach large online audiences. A relatively new cyber threat, malvertising takes advantage of these pathways and uses them as a dangerous tool that requires little input from its victims.<ref>Definition - What Does Malvertising Mean? [https://www.forcepoint.com/cyber-edu/malvertising Forcepoint]</ref>
+== What is Malvertising? ==
@@ Line 9: / Line 10: @@
 Throughout the years, however, malvertising’s modus operandi has remained the same. Typically, attackers buy ad space from ad agencies and then submit infected images hoping not to get caught. Sometimes, they start by sending a legitimate ad first, and insert malicious code later. After they infect enough people, they can clean up after themselves and remove the bad code.
-These cybercriminals often take advantage of the complex mechanisms used by the advertising [[industry]]. In many cases, there can be a long [[supply]] chain between the advertiser and the publisher that includes an ad [[network]] and one or more resellers. As recent malvertising attacks have shown, this entire supply chain can be manipulated. Security company Check Point [[Software]] Technologies noticed that a legitimate online advertising company might have been at the center of a malvertising scheme.
+These cybercriminals often take advantage of the complex mechanisms used by the advertising industry. In many cases, there can be a long supply chain between the advertiser and the publisher that includes an ad network and one or more resellers. As recent malvertising attacks have shown, this entire supply chain can be manipulated. Security company Check Point Software Technologies noticed that a legitimate online advertising company might have been at the center of a malvertising scheme.
 In July 2018, Check Point researchers uncovered a massive operation that distributed malvertising to users who drove by thousands of compromised WordPress websites. The ads had malicious [[JavaScript]] code that exploited unpatched vulnerabilities in browsers and browser plug-ins, including Adobe Flash Player. These attackers used multiple exploit kits, including the prolific RIG, which combines different web technologies (DoSWF, JavaScript, Flash and VBscript) to obfuscate attacks.
-Check Point noticed something even more alarming. “AdsTerra, a famous ad-network company, has been purchasing traffic from a known cybercriminal posing as an ordinary publisher, which obtains its traffic via malicious activities,” Check Point wrote on its [[website]].
+Check Point noticed something even more alarming. “AdsTerra, a famous ad-network company, has been purchasing traffic from a known cybercriminal posing as an ordinary publisher, which obtains its traffic via malicious activities,” Check Point wrote on its website.
 Dangu has noticed that malvertisers build relationships with the most reputable ad platforms. “There's a growing awareness in the ad tech industry that it is infected by malvertisers at its core,” he says. “Whenever a malicious ad gets served to a user, it evaded multiple layers of detection through the ad tech ecosystem.”
-Sometimes, cybercriminals don’t even need to go through this whole [[process]] if they can hack large websites directly, tricking them into serving people with malicious ads. It happened, for instance, to Equifax right after its notorious breach, security blogger Randy Abrams discovered.
+Sometimes, cybercriminals don’t even need to go through this whole process if they can hack large websites directly, tricking them into serving people with malicious ads. It happened, for instance, to Equifax right after its notorious breach, security blogger Randy Abrams discovered.
-From a regular user’s perspective, malicious ads are compelling because they often provoke strong emotions and promote calls-to-action. They can also promise products at a bargain, including an iPhone for just $1, tricking users into giving their credit card [[data]].
+From a regular user’s perspective, malicious ads are compelling because they often provoke strong emotions and promote calls-to-action. They can also promise products at a bargain, including an iPhone for just $1, tricking users into giving their credit card data.
 Confiant found that malvertising activity is 36 percent higher during weekends, the preferred day of the week for malvertisers to attack being Sunday. The holidays or shopping seasons such as  Black Friday when people are actively looking for discounts also see a spike in malvertising.
@@ Line 29: / Line 30: @@
 '''Overview of Malvertising<ref>Overview of Malvertising [https://en.wikipedia.org/wiki/Malvertising Wikipedia]</ref>'''<br />
-When websites or web publishers unknowingly incorporate corrupted or malicious advertisements into their page, computers can become infected pre-click and post-click. It is a misconception that infection only happens when visitors begin clicking on a malvertisement. "Examples of pre-click malware include being embedded in main scripts of the page or drive-by-downloads. Malware can also auto-run, as in the case of auto redirects, where the user is automatically taken to a different site, which could be malicious. Malware can also be found in the delivery of an ad – where a clean ad that has no malware pre- or post-click (in its build and [[design]]) can still be infected whilst being called. Malicious code can hide undetected and the user has no idea what's coming their way. A post-click malvertisement example: "the user clicks on the ad to visit the advertised site, and instead is directly infected or redirected to a malicious site. These sites trick users into copying viruses or spyware usually disguised as Flash files, which are very popular on the web." Redirection is often built into online advertising, and this spread of malware is often successful because users expect a redirection to happen when clicking on an advertisement. A redirection that is taking place only needs to be co-opted in order to infect a user's [[computer]].
+When websites or web publishers unknowingly incorporate corrupted or malicious advertisements into their page, computers can become infected pre-click and post-click. It is a misconception that infection only happens when visitors begin clicking on a malvertisement. "Examples of pre-click malware include being embedded in main scripts of the page or drive-by-downloads. Malware can also auto-run, as in the case of auto redirects, where the user is automatically taken to a different site, which could be malicious. Malware can also be found in the delivery of an ad – where a clean ad that has no malware pre- or post-click (in its build and design) can still be infected whilst being called. Malicious code can hide undetected and the user has no idea what's coming their way. A post-click malvertisement example: "the user clicks on the ad to visit the advertised site, and instead is directly infected or redirected to a malicious site. These sites trick users into copying viruses or spyware usually disguised as Flash files, which are very popular on the web." Redirection is often built into online advertising, and this spread of malware is often successful because users expect a redirection to happen when clicking on an advertisement. A redirection that is taking place only needs to be co-opted in order to infect a user's computer.
 Malvertising often involves the exploitation of trustworthy companies. Those attempting to spread malware place "clean" advertisements on trustworthy sites first in order to gain a good reputation, then they later "insert a virus or spyware in the code behind the ad, and after a mass virus infection is produced, they remove the virus", thus infecting all visitors of the site during that time period. The identities of those responsible are often hard to trace, making it hard to prevent the attacks or stop them altogether, because the "ad network infrastructure is very complex with many linked connections between ads and click-through destinations."
@@ Line 39: / Line 40: @@
 Malvertising is typically confused with ad malware or adware—another form of malware affecting online advertisements.
-[[Adware]] is a program running on a user’s computer. It’s usually packaged with other, legitimate software, or is installed without the user’s knowledge. Adware displays unwanted advertising, redirects search requests to advertising websites, and mines data about the user to help [[target]] or serve advertisements.
+[[Adware]] is a program running on a user’s computer. It’s usually packaged with other, legitimate software, or is installed without the user’s knowledge. Adware displays unwanted advertising, redirects search requests to advertising websites, and mines data about the user to help target or serve advertisements.
 Differences between malvertising and ad malware include:
@@ Line 47: / Line 48: @@
-'''How Malvertising Can Affect Your [[Business]]<ref>How Malvertising Can Affect Your Business [https://www.sitelock.com/blog/what-is-malvertising-and-how-to-prevent-it/ Sitelock]</ref>'''<br />
+'''How Malvertising Can Affect Your Business<ref>How Malvertising Can Affect Your Business [https://www.sitelock.com/blog/what-is-malvertising-and-how-to-prevent-it/ Sitelock]</ref>'''<br />
 Malvertising can affect small businesses in a variety of ways. Employees might unintentionally download malware on a company computer, thereby granting cybercriminals access to sensitive company data. An attack like this could have severe consequences, including ransomware attacks.
-Additionally, customers could click on a malicious ad featured on your website and infect their computers. This type of malvertising breach can damage your business’s reputation, erode [[customer]] trust and limit future revenue.
+Additionally, customers could click on a malicious ad featured on your website and infect their computers. This type of malvertising breach can damage your business’s reputation, erode customer trust and limit future revenue.
 Malvertising is an increasingly popular tactic for cybercriminals — some estimate that as many as 1 in 100 ads are malicious or disruptive. Online ads are so ubiquitous that users don’t think twice about clicking on them while casually browsing. A cybercriminal group known as ScamClub was able to leverage this tendency last year to overtake more than 300 million browser sessions using fake ads.
@@ Line 73: / Line 74: @@
 === See Also ===
-[[Mobile Security]]<br />
+*[[Advertising]]
-[[Network Security]]<br />
 === References ===
 <references/>

@@ Line 1: / Line 1: @@
-'''Malvertising''' is a malicious cyber tactic that attempts to distribute malware through online advertisements. Online advertising is a vital source of income to many websites and internet properties. With demand higher than ever, online networks have become expansive and complex in order to effectively reach large online audiences. A relatively new cyber threat, malvertising takes advantage of these pathways and uses them as a dangerous tool that requires little input from its victims.<ref>Definition - What Does Malvertising Mean? [https://www.forcepoint.com/cyber-edu/malvertising Forcepoint]</ref>
+'''Malvertising''' is a malicious cyber tactic that attempts to distribute malware through online advertisements. Online advertising is a vital source of income to many websites and [[internet]] properties. With [[demand]] higher than ever, online networks have become expansive and complex in order to effectively reach large online audiences. A relatively new cyber threat, malvertising takes advantage of these pathways and uses them as a dangerous tool that requires little input from its victims.<ref>Definition - What Does Malvertising Mean? [https://www.forcepoint.com/cyber-edu/malvertising Forcepoint]</ref>
 '''How Malvertising Works<ref>How Malvertising Works [https://www.csoonline.com/article/3373647/what-is-malvertising-and-how-you-can-protect-against-it.html CSO Online]</ref>'''<br />
-Malvertising has continued learning new tricks since it was first seen in the wild in late 2007 or early 2008. Back then, a vulnerability in Adobe Flash allowed attackers to distribute malicious advertising through several websites, including MySpace.
+Malvertising has continued learning new tricks since it was first seen in the wild in late 2007 or early 2008. Back then, a [[vulnerability]] in Adobe Flash allowed attackers to distribute malicious advertising through several websites, including MySpace.
 A few years later, in 2011, one of the first cases of a drive-by download was uncovered. Spotify was at the center of a malvertising attack that used the notorious Blackhole exploit kit, which was available for rent for a few hundred dollars a month.
@@ Line 9: / Line 9: @@
 Throughout the years, however, malvertising’s modus operandi has remained the same. Typically, attackers buy ad space from ad agencies and then submit infected images hoping not to get caught. Sometimes, they start by sending a legitimate ad first, and insert malicious code later. After they infect enough people, they can clean up after themselves and remove the bad code.
-These cybercriminals often take advantage of the complex mechanisms used by the advertising industry. In many cases, there can be a long supply chain between the advertiser and the publisher that includes an ad network and one or more resellers. As recent malvertising attacks have shown, this entire supply chain can be manipulated. Security company Check Point Software Technologies noticed that a legitimate online advertising company might have been at the center of a malvertising scheme.
+These cybercriminals often take advantage of the complex mechanisms used by the advertising [[industry]]. In many cases, there can be a long [[supply]] chain between the advertiser and the publisher that includes an ad [[network]] and one or more resellers. As recent malvertising attacks have shown, this entire supply chain can be manipulated. Security company Check Point [[Software]] Technologies noticed that a legitimate online advertising company might have been at the center of a malvertising scheme.
-In July 2018, Check Point researchers uncovered a massive operation that distributed malvertising to users who drove by thousands of compromised WordPress websites. The ads had malicious JavaScript code that exploited unpatched vulnerabilities in browsers and browser plug-ins, including Adobe Flash Player. These attackers used multiple exploit kits, including the prolific RIG, which combines different web technologies (DoSWF, JavaScript, Flash and VBscript) to obfuscate attacks.
+In July 2018, Check Point researchers uncovered a massive operation that distributed malvertising to users who drove by thousands of compromised WordPress websites. The ads had malicious [[JavaScript]] code that exploited unpatched vulnerabilities in browsers and browser plug-ins, including Adobe Flash Player. These attackers used multiple exploit kits, including the prolific RIG, which combines different web technologies (DoSWF, JavaScript, Flash and VBscript) to obfuscate attacks.
-Check Point noticed something even more alarming. “AdsTerra, a famous ad-network company, has been purchasing traffic from a known cybercriminal posing as an ordinary publisher, which obtains its traffic via malicious activities,” Check Point wrote on its website.
+Check Point noticed something even more alarming. “AdsTerra, a famous ad-network company, has been purchasing traffic from a known cybercriminal posing as an ordinary publisher, which obtains its traffic via malicious activities,” Check Point wrote on its [[website]].
 Dangu has noticed that malvertisers build relationships with the most reputable ad platforms. “There's a growing awareness in the ad tech industry that it is infected by malvertisers at its core,” he says. “Whenever a malicious ad gets served to a user, it evaded multiple layers of detection through the ad tech ecosystem.”
-Sometimes, cybercriminals don’t even need to go through this whole process if they can hack large websites directly, tricking them into serving people with malicious ads. It happened, for instance, to Equifax right after its notorious breach, security blogger Randy Abrams discovered.
+Sometimes, cybercriminals don’t even need to go through this whole [[process]] if they can hack large websites directly, tricking them into serving people with malicious ads. It happened, for instance, to Equifax right after its notorious breach, security blogger Randy Abrams discovered.
-From a regular user’s perspective, malicious ads are compelling because they often provoke strong emotions and promote calls-to-action. They can also promise products at a bargain, including an iPhone for just $1, tricking users into giving their credit card data.
+From a regular user’s perspective, malicious ads are compelling because they often provoke strong emotions and promote calls-to-action. They can also promise products at a bargain, including an iPhone for just $1, tricking users into giving their credit card [[data]].
 Confiant found that malvertising activity is 36 percent higher during weekends, the preferred day of the week for malvertisers to attack being Sunday. The holidays or shopping seasons such as  Black Friday when people are actively looking for discounts also see a spike in malvertising.
@@ Line 29: / Line 29: @@
 '''Overview of Malvertising<ref>Overview of Malvertising [https://en.wikipedia.org/wiki/Malvertising Wikipedia]</ref>'''<br />
-When websites or web publishers unknowingly incorporate corrupted or malicious advertisements into their page, computers can become infected pre-click and post-click. It is a misconception that infection only happens when visitors begin clicking on a malvertisement. "Examples of pre-click malware include being embedded in main scripts of the page or drive-by-downloads. Malware can also auto-run, as in the case of auto redirects, where the user is automatically taken to a different site, which could be malicious. Malware can also be found in the delivery of an ad – where a clean ad that has no malware pre- or post-click (in its build and design) can still be infected whilst being called. Malicious code can hide undetected and the user has no idea what's coming their way. A post-click malvertisement example: "the user clicks on the ad to visit the advertised site, and instead is directly infected or redirected to a malicious site. These sites trick users into copying viruses or spyware usually disguised as Flash files, which are very popular on the web." Redirection is often built into online advertising, and this spread of malware is often successful because users expect a redirection to happen when clicking on an advertisement. A redirection that is taking place only needs to be co-opted in order to infect a user's computer.
+When websites or web publishers unknowingly incorporate corrupted or malicious advertisements into their page, computers can become infected pre-click and post-click. It is a misconception that infection only happens when visitors begin clicking on a malvertisement. "Examples of pre-click malware include being embedded in main scripts of the page or drive-by-downloads. Malware can also auto-run, as in the case of auto redirects, where the user is automatically taken to a different site, which could be malicious. Malware can also be found in the delivery of an ad – where a clean ad that has no malware pre- or post-click (in its build and [[design]]) can still be infected whilst being called. Malicious code can hide undetected and the user has no idea what's coming their way. A post-click malvertisement example: "the user clicks on the ad to visit the advertised site, and instead is directly infected or redirected to a malicious site. These sites trick users into copying viruses or spyware usually disguised as Flash files, which are very popular on the web." Redirection is often built into online advertising, and this spread of malware is often successful because users expect a redirection to happen when clicking on an advertisement. A redirection that is taking place only needs to be co-opted in order to infect a user's [[computer]].
 Malvertising often involves the exploitation of trustworthy companies. Those attempting to spread malware place "clean" advertisements on trustworthy sites first in order to gain a good reputation, then they later "insert a virus or spyware in the code behind the ad, and after a mass virus infection is produced, they remove the virus", thus infecting all visitors of the site during that time period. The identities of those responsible are often hard to trace, making it hard to prevent the attacks or stop them altogether, because the "ad network infrastructure is very complex with many linked connections between ads and click-through destinations."
@@ Line 39: / Line 39: @@
 Malvertising is typically confused with ad malware or adware—another form of malware affecting online advertisements.
-Adware is a program running on a user’s computer. It’s usually packaged with other, legitimate software, or is installed without the user’s knowledge. Adware displays unwanted advertising, redirects search requests to advertising websites, and mines data about the user to help target or serve advertisements.
+[[Adware]] is a program running on a user’s computer. It’s usually packaged with other, legitimate software, or is installed without the user’s knowledge. Adware displays unwanted advertising, redirects search requests to advertising websites, and mines data about the user to help [[target]] or serve advertisements.
 Differences between malvertising and ad malware include:
@@ Line 47: / Line 47: @@
-'''How Malvertising Can Affect Your Business<ref>How Malvertising Can Affect Your Business [https://www.sitelock.com/blog/what-is-malvertising-and-how-to-prevent-it/ Sitelock]</ref>'''<br />
+'''How Malvertising Can Affect Your [[Business]]<ref>How Malvertising Can Affect Your Business [https://www.sitelock.com/blog/what-is-malvertising-and-how-to-prevent-it/ Sitelock]</ref>'''<br />
 Malvertising can affect small businesses in a variety of ways. Employees might unintentionally download malware on a company computer, thereby granting cybercriminals access to sensitive company data. An attack like this could have severe consequences, including ransomware attacks.
-Additionally, customers could click on a malicious ad featured on your website and infect their computers. This type of malvertising breach can damage your business’s reputation, erode customer trust and limit future revenue.
+Additionally, customers could click on a malicious ad featured on your website and infect their computers. This type of malvertising breach can damage your business’s reputation, erode [[customer]] trust and limit future revenue.
 Malvertising is an increasingly popular tactic for cybercriminals — some estimate that as many as 1 in 100 ads are malicious or disruptive. Online ads are so ubiquitous that users don’t think twice about clicking on them while casually browsing. A cybercriminal group known as ScamClub was able to leverage this tendency last year to overtake more than 300 million browser sessions using fake ads.
@@ Line 57: / Line 57: @@
 '''Types of Malvertising<ref>Types of Malvertising [https://us.norton.com/internetsecurity-malware-malvertising.html Norton]</ref>'''<br />
 Malvertising comes in all shapes and sizes but all forms can pose risks to your sensitive information. Here are some common types of  malvertising:
-*Redirection: Clicking on a malware ad will often redirect you to spoof sites that look legitimate but are actually set up for phishing attacks, in which criminals try to trick you into surrendering personal information such as your Social Security number, credit card numbers or bank account credentials. These sites are designed to look like legitimate sites, whether they are mimicking the webpages of banks, credit unions, or credit card providers.
+*Redirection: Clicking on a malware ad will often redirect you to spoof sites that look legitimate but are actually set up for [[phishing]] attacks, in which criminals try to trick you into surrendering personal information such as your Social Security number, credit card numbers or bank account credentials. These sites are designed to look like legitimate sites, whether they are mimicking the webpages of banks, credit unions, or credit card providers.
 *Malware: The other main type of malvertising is more proactive and can quickly infect your computer. This version of malware populates legitimate sites — ones that you might visit every day — with infected banner or box ads. Clicking on such an ad could install spyware, viruses, trojans or other types of malware on your computer. This type of malicious software can be especially dangerous because it often operates in the background, stealing your personal and financial information, tracking your keystrokes and monitoring your email messages without you ever noticing.
 *Sometimes you don’t have to click: You might think you’re safe from malvertising because you never click on online ads, including pop-ups. But here’s the scary part: Even if you vow to never click an ad, you’re not completely safe from malvertising. That’s because the version of malware known as drive-by downloads can start infecting your computer with spyware or malware as soon as an infected page starts loading. You don’t have to click anything to start the process.

@@ Line 1: / Line 1: @@
 '''Malvertising''' is a malicious cyber tactic that attempts to distribute malware through online advertisements. Online advertising is a vital source of income to many websites and internet properties. With demand higher than ever, online networks have become expansive and complex in order to effectively reach large online audiences. A relatively new cyber threat, malvertising takes advantage of these pathways and uses them as a dangerous tool that requires little input from its victims.<ref>Definition - What Does Malvertising Mean? [https://www.forcepoint.com/cyber-edu/malvertising Forcepoint]</ref>
@@ Line 32: / Line 24: @@
-[[File:Malvertising.png|200px|Malvertising]]<br />
+[[File:Malvertising.png|400px|Malvertising]]<br />
 source: [https://blog.malwarebytes.com/101/2015/02/what-is-malvertising/ Malwarebytes]
@@ Line 45: / Line 45: @@
 Malvertising involves malicious code which is initially deployed on a publisher’s web page. Adware, however, is only used to target individual users.
 Malvertising only affects users viewing an infected webpage. Adware, once installed, operates continuously on a user’s computer.

← Older revision		Revision as of 14:49, 22 May 2020
Line 1:		Line 1:
−	'''~~Content Coming Soon~~'''	+	'''Malvertising''' is a malicious cyber tactic that attempts to distribute malware through online advertisements. Online advertising is a vital source of income to many websites and internet properties. With demand higher than ever, online networks have become expansive and complex in order to effectively reach large online audiences. A relatively new cyber threat, malvertising takes advantage of these pathways and uses them as a dangerous tool that requires little input from its victims.<ref>Definition - What Does Malvertising Mean? [https://www.forcepoint.com/cyber-edu/malvertising Forcepoint]</ref>
		+
		+
		+	'''Overview of Malvertising<ref>Overview of Malvertising [https://en.wikipedia.org/wiki/Malvertising Wikipedia]</ref>'''<br />
		+	When websites or web publishers unknowingly incorporate corrupted or malicious advertisements into their page, computers can become infected pre-click and post-click. It is a misconception that infection only happens when visitors begin clicking on a malvertisement. "Examples of pre-click malware include being embedded in main scripts of the page or drive-by-downloads. Malware can also auto-run, as in the case of auto redirects, where the user is automatically taken to a different site, which could be malicious. Malware can also be found in the delivery of an ad – where a clean ad that has no malware pre- or post-click (in its build and design) can still be infected whilst being called. Malicious code can hide undetected and the user has no idea what's coming their way. A post-click malvertisement example: "the user clicks on the ad to visit the advertised site, and instead is directly infected or redirected to a malicious site. These sites trick users into copying viruses or spyware usually disguised as Flash files, which are very popular on the web." Redirection is often built into online advertising, and this spread of malware is often successful because users expect a redirection to happen when clicking on an advertisement. A redirection that is taking place only needs to be co-opted in order to infect a user's computer.
		+
		+	Malvertising often involves the exploitation of trustworthy companies. Those attempting to spread malware place "clean" advertisements on trustworthy sites first in order to gain a good reputation, then they later "insert a virus or spyware in the code behind the ad, and after a mass virus infection is produced, they remove the virus", thus infecting all visitors of the site during that time period. The identities of those responsible are often hard to trace, making it hard to prevent the attacks or stop them altogether, because the "ad network infrastructure is very complex with many linked connections between ads and click-through destinations."
		+
		+	Some malvertisements can infect a vulnerable computer even if the user never clicks on the (normal-appearing) advertisement.
		+
		+
		+	'''How Malvertising Works<ref>How Malvertising Works [https://www.csoonline.com/article/3373647/what-is-malvertising-and-how-you-can-protect-against-it.html CSO Online]</ref>'''<br />
		+	Malvertising has continued learning new tricks since it was first seen in the wild in late 2007 or early 2008. Back then, a vulnerability in Adobe Flash allowed attackers to distribute malicious advertising through several websites, including MySpace.
		+
		+	A few years later, in 2011, one of the first cases of a drive-by download was uncovered. Spotify was at the center of a malvertising attack that used the notorious Blackhole exploit kit, which was available for rent for a few hundred dollars a month.
		+
		+	Throughout the years, however, malvertising’s modus operandi has remained the same. Typically, attackers buy ad space from ad agencies and then submit infected images hoping not to get caught. Sometimes, they start by sending a legitimate ad first, and insert malicious code later. After they infect enough people, they can clean up after themselves and remove the bad code.
		+
		+	These cybercriminals often take advantage of the complex mechanisms used by the advertising industry. In many cases, there can be a long supply chain between the advertiser and the publisher that includes an ad network and one or more resellers. As recent malvertising attacks have shown, this entire supply chain can be manipulated. Security company Check Point Software Technologies noticed that a legitimate online advertising company might have been at the center of a malvertising scheme.
		+
		+	In July 2018, Check Point researchers uncovered a massive operation that distributed malvertising to users who drove by thousands of compromised WordPress websites. The ads had malicious JavaScript code that exploited unpatched vulnerabilities in browsers and browser plug-ins, including Adobe Flash Player. These attackers used multiple exploit kits, including the prolific RIG, which combines different web technologies (DoSWF, JavaScript, Flash and VBscript) to obfuscate attacks.
		+
		+	Check Point noticed something even more alarming. “AdsTerra, a famous ad-network company, has been purchasing traffic from a known cybercriminal posing as an ordinary publisher, which obtains its traffic via malicious activities,” Check Point wrote on its website.
		+
		+	Dangu has noticed that malvertisers build relationships with the most reputable ad platforms. “There's a growing awareness in the ad tech industry that it is infected by malvertisers at its core,” he says. “Whenever a malicious ad gets served to a user, it evaded multiple layers of detection through the ad tech ecosystem.”
		+
		+	Sometimes, cybercriminals don’t even need to go through this whole process if they can hack large websites directly, tricking them into serving people with malicious ads. It happened, for instance, to Equifax right after its notorious breach, security blogger Randy Abrams discovered.
		+
		+	From a regular user’s perspective, malicious ads are compelling because they often provoke strong emotions and promote calls-to-action. They can also promise products at a bargain, including an iPhone for just $1, tricking users into giving their credit card data.
		+
		+	Confiant found that malvertising activity is 36 percent higher during weekends, the preferred day of the week for malvertisers to attack being Sunday. The holidays or shopping seasons such as Black Friday when people are actively looking for discounts also see a spike in malvertising.
		+
		+
		+	[[File:Malvertising.png\|200px\|Malvertising]]<br />
		+	source: [https://blog.malwarebytes.com/101/2015/02/what-is-malvertising/ Malwarebytes]
		+
		+
		+	'''Malvertising vs. Ad malware<ref>Malvertising vs. Ad malware [https://www.imperva.com/learn/application-security/malvertising/ Imperva]</ref>'''<br />
		+	Malvertising is typically confused with ad malware or adware—another form of malware affecting online advertisements.
		+
		+	Adware is a program running on a user’s computer. It’s usually packaged with other, legitimate software, or is installed without the user’s knowledge. Adware displays unwanted advertising, redirects search requests to advertising websites, and mines data about the user to help target or serve advertisements.
		+
		+	Differences between malvertising and ad malware include:
		+
		+	Malvertising involves malicious code which is initially deployed on a publisher’s web page. Adware, however, is only used to target individual users.
		+	Malvertising only affects users viewing an infected webpage. Adware, once installed, operates continuously on a user’s computer.