Definition

malvertisement (malicious advertisement or malvertising)

A malvertisement (malicious advertisement) is an advertisement on the Internet that is capable of infecting the viewer's computer with malware. According to the network security company Blue Coat Systems Inc., malvertising is the current computer hijacking technique of choice for organized crime. Compromised computers can be used to create powerful botnets that can be used to carry out identity theft, corporate espionage or other nefarious activity.

Malvertisements are commonly placed on a website in one of these two ways: 

Legitimate advertisements: Initially, a criminal may place a series of malware-free advertisements on a trusted site that runs third-party ads and leave them alone for several months in order to establish a good reputation.

Later on, the criminal will inject a malicious payload into the ad, infecting as many computers as possible in a short amount of time before removing the malicious code or discontinuing the ad.  This type of attack is often run on websites that run third-party ads. By infiltrating popular syndicated online ad services, thousands of sites can be infected at once. Unfortunately, websites that run third-party ads can do little to protect their visitors because syndicated ads are not under their direct control. In fact, the company from whom they receive the ads may use ads from other publishers, so the original source of the advertisements can be several parties removed.

Pop-up ads:  A pop-up ad can deliver a malicious payload as soon as the ad appears on the viewer’s screen. Scareware, which is malicious code disguised as an anti-virus application, is often delivered through pop-up ads. In some cases, the malware will execute when the viewer clicks the “X” to close the pop-up window.   

Malvertisement infections are becoming so prevalent that many security experts recommend that users block all pop-up ads and create an application whitelist that will only allow their computer to run programs that have been positively approved.

 

This was last updated in June 2011
Posted by: Margaret Rouse

Email Alerts

Register now to receive SearchSecurity.com-related news, tips and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

More News and Tutorials

Do you have something to add to this definition? Let us know.

Send your comments to techterms@whatis.com

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: