Threat of the month, June 2016: Malvertising
How does it work?
Malvertising occurs when malicious actors use advertising networks to spread their malware, usually an Adobe Flash object or something similar, to other websites in the hopes that users will visit. Once the user visits the infected site, a script embedded in the site activates and attempts to download the really nasty part, the malware itself, to compromise the user's internet browser. Recently, there have been active malvertising campaigns noted on sites that users all over the world visit, such as The New York Times, Yahoo! and Reuters.
Should I be worried?
No site is immune, really. Because malvertising can affect ‘trusted' websites, hundreds of thousands of malware samples have likely been distributed across networks by users simply reading the news.
How can I prevent it?
Thankfully, the large majority of malvertising can be negated with a few simple tricks. Dedicate your online activity to a single browser and update it regularly. In addition, keep Adobe Flash and JAVA updates current, and disable auto-play features within the browser. Finally, take advantage of a browser security plugin such as Microsoft's EMET or Malwarebytes.