Threat Level: Orange

Malicious Web Advertisements

Seemingly benign advertisements for recognizable products or services appearing on trusted, reputable websites could offer more than you bargain for whether you click on the ad or not.

Malicious attackers inject code into the SWF file (Flash) of ads that redirect your browser to malware hosted websites. The most common goal of the redirection is to download rogue security software, either via a drive-by-download or by displaying a message pop-up informing you that your PC is infected and eventually attempting to entice you to purchase the product for the removal of said malware.

The threat as it exists according to a Microsoft Most Valuable Professional, Sandi Hardmeier, author of the Spyware Sucks blog and source of quote:

It is quite obvious that the bad guys are going to take as much advantage as they can of the fact that their current malvertizements are extremely difficult to detect (malvertizements created using Fuse Kit). They are going to hit every site that they can, as often as they can, for as long as they can. It worries me that I am seeing complaints about malvertizing-like symptoms all over the net implicating - not only newsweek, but at other big name sites like MSNBC, Facebook, lime.com, Hotmail, MySpace and Yahoo.

I am seeing reports of the malicious redirects remaining dormant for a week before visitors to victim web sites are hijacked and redirected to fraudware sites. Web sites simply *must* increase their due diligence checks with any new advertiser. It is going to take time, and it is going to cost money, but what alternative do web sites have if they want to protect and keep their readership, and if they want to avoid the inevitable end result of malvertizing, which is that more and more of visitors to their sites are going to block all advertising.

Her first paragraph is alarming and real. Money is the fuel that drives the bad guys and there is money to be made with malicious advertisements. The second paragraph or rather one of the statements she makes worries me even more,

Web sites simply *must* increase their due diligence checks with any new advertiser. It is going to take time, and it is going to cost money, but what alternative do web sites have if they want to protect and keep their readership,

Personally, and also the goal of this website is to encourage individuals to take charge of their own PC security, not to rely on security software or especially individual website owners to protect us. So this leads me to where I'm going next, her last statement, "block all advertising."

Protect Yourself

First and most importantly you will always want to have all the latest updates or versions installed of both Adobe Flash and your web browser. Old or un-patched versions of software generally create a drive-thru window straight into your computer.

To check if your using the latest Flash player (Adobe Flash Player version 10.0.12.36) visit: http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_15507

The second step of blocking the threat is by the outright blocking of the potentially dangerous advertisements before even having a chance to load. This method of self-protection could be considered controversial by some, especially website owners who may rely on advertising revenue, but the point of this website is not to engage in controversies of ethics but instead provide a means of protecting your computer.

For Firefox users, I recommend two add-ons. Adblock Plus and NoScript.

Adblock Plus is probably the easiest method to use. However, a simple install of the add-on allows for the advertisement to be displayed first and then offers you a chance to block it. In the case of an auto-redirect code you wouldn't have a chance to block the ad. The add-on does provide the ability to add subscriptions to block the most prevailing ad-networks and as a result of the subscription filters ad blocking is fully automatic. I believe this is a good level of protection and you can always allow your trusted sites to display advertisements. Get Adblock Plus

NoScript, while not billed as an ad-blocker and slightly off-topic, does take web browsing security to a completely new level and is worth mentioning. NoScript allows JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of your choice and also offers protection from cross-site scripting and clickjacking. In short NoScript prevents any executable code within websites or advertisements from executing unless you permit it to. Please visit the NoScripts website for more information and features.

For Internet Explorer users it's a bit more complicated and your not actually blocking advertisements but rather blocking Flash. To block Flash do the following:

Tools > Internet Options > Program Tab > Manage add-on options button > Filters > Add-ons that run without requiring permission >Select Shockwave Object > Click Disable button at bottom.

This method will work to block Flash advertisements but will also block all other Flash, so if you need to view it you would have to repeat the above process but click enable instead.

I did find two add-ons for Internet Explorer that could offer an alternative to completely disabling Flash as mentioned above. One is called IE7Pro and the other is called ToggleFlash. I do not know anything about them and cannot attest to their abilities but could be worth checking out if you're an IE user.

Conclusion

Like I have said before, the Internet is and can be a dangerous place so don't allow yourself to be a victim, and always take the necessary steps of protecting your computer and yourself to defeat the bad guys.