User blog:Ozank Cx/How To Protect Yourself Against Malvertising

Security is an important, regularly discussed topic in modern times, and will forever be as such. In modern times, cyber criminals have been finding new ways to victimize innocent users of the Internet for various purposes - usually money extortion (stealing credit card details, or ransom by force encrypting the users contents and asking for a fee to have them returned). There are many aspects of security that are important but one that is relevant here is malvertising (a portmanteau of malware and advertising).

What is malvertising?
Malvertising is the practice of using advertisements to spread malware.

How does that happen?
There are various methods:
 * Webmasters have their websites compromised, and the hackers introduce it
 * Poor/no checking of ads that are given to companies who host them which allow rogue ads through
 * Insecure websites with vulnerabilities that allow attacks such as XSS (cross-site scripting)

Does it require user interaction?
Plugins such as Java and Adobe Flash have an incredibly ludicrous record of ridiculous exploits. However, there are other methods too - simply visiting a website can allow malicious code to run that is server-side (PHP or C# for example) to allow the malware through. This is called drive-by downloading.

Some bad adverts are able to redirect the user from the legitimate website to rogue websites so the malware can run, and these redirecting adverts are considered malvertisements too.

What's more, there are special malware called exploit kits on these rogue websites which aim to increase the risk of drive-by downloading to happen. These will deliberately scan your browser for vulnerabilities to exploit; software which is merely a few days out of date are incredibly vulnerable to this, because the malware authors are quick to update their malware.

So the answer is no, you do not have to interact with a webpage in ordered to be infected. You could be visiting a legitimate page and unbeknownst to you, be redirected and become a victim of drive-by downloading.

What are the possible consequences?
Java plugins are meant to be running in a sandboxed environment, meaning it should not affect anything out of its boundaries (the browser). However, so many vulnerabilities have been found that allow arbitrary code execution affect outside of your browser. The malware, once downloaded, can instantly run and some will do so silently, in absolute secret to the user. Java was an example of this happening - it can be any plugin or server-sided language.

Once the arbitrary code is able to run without your permission, the hackers could do anything they like to your device, and subsequently the contents on it. This might be deletion, editing, locking or copying the files.

How do you defend against this?
Cyber criminals are so advanced even tech savvy users can easily become a victim. As they aim to compromise advertising networks and major websites for the maximum victim exposure, you can take the following measures:

Common Sense
It's always a good idea to visit websites you trust and know aren't malicious. Visiting torrent sites or adult content are more likely to contain malvertisements than others.

Antivirus
As a standard defence, antivirus is advised. However most will not detect malvertising as its hard to detect due to the vulnerabilities being exploited in the browser. Still, it's better than nothing.

Up-to-date Software
Since a lot of these malvertisements exploit known software vulnerabilities, you should always keep them updated to patch these holes.

Uninstall Obsolete Updates
It was until a couple years ago Java was beginning to remove the old versions after installing the new one. Legacy malvertisements may be able to take advantage of older Java versions, so you should definitely remove the older versions.

Restrict Plugins
Java and Adobe Flash are loved by cyber criminals because they have so many exploits. Therefore you should consider restricting them, or even better and removing completely. Both plugins are superseded anyway by safer alternatives.

Extensions
These are all free to use!

NoScript
NoScript provides excellent defence against scripts. You can make it so JavaScript, Java, Adobe Flash etc only run on websites you trust. As malvertisements come from external vendors from the website visited, they can be prevented from running their payloads.

Adblock (Plus)
One unknown benefit of blocking ads is preventing malvertisement execution as the payload never arrives to the user's browser.

Web of Trust
This extension is community driven and will let you know a website's rating. If it has an incredibly poor rating it will automatically prevent you from accessing known detrimental websites.

Why did you post this on Wikia?
Because Wikia has adverts. Even if you register as a user, you can still see adverts such as on the main page. Wikia will probably not be compromised but I have seen XSS attacks in the past affect Wikia (see below), and ad vendors can sometimes go rogue, or are compromised themselves.

http://i.imgur.com/8tcBY.png

Note there are further measures you can take to protect yourself - I am merely scratching the surface on this subject. Most cost nothing to implement so I hope you take action to protect yourself. Should you encounter a bad ad on Wikia, you can report it here.