How Can I Avoid Malware Delivered By Web Adverts?

There are many ways that malware is able to infiltrate your system.

Just when you think that you have it figured out, the person who created it finds another way to get inside of your system.

One of the more popular modes of transportation on the internet today for malware is the ad serving systems of many web sites.

While most people do not like ads, they are willing to put up with them but most of these people do not know that these same ads that they are willing to put up with may also be serving pieces of malware to their computer.

If they knew about that then I would expect that these same people would tolerate the ads that they see even less.

But lets not paint all advertising under the same brush stroke – they are all not that bad and there are ways that you can spot and stop the bad ones from getting on your computer.

That is what I am going to talk about in this article – how to stop the bad guys from getting to your system through the ad networks on web sites.


Web Advertising

Most of the content that you see on web sites must be paid for in some manner and a lot of web sites do that through the ad revenue model.

This article is not about going after advertising in general as it is certainly a means to an end for some site owners.

It is, however, about going after web sites that put your safety at risk by serving malware ridden ads.

How Does Malware Get Into The Ads On Your Favourite Web Site?

You have to remember that malware is nothing more than computer code and when a black hat hacker has bad intentions on his mind then they are going to find a way.

Most of the ads that are served up to your favorite web site are not coming from the web site itself; they are coming from a company whose job it is to serve up the ads.

They have their own server and the web site that you are visiting places a piece of JavaScript code that will pull down the ads from the server that the advertising company owns.

The problem here is that the model depends on a blind trust issue.

The web site that you are visiting must be sure that the server that the ad network owns is not going to serve its customers malware.

If it does then it must make sure that it takes care of the problem very quickly.

Reputable ad networks will work to clean up their network.

They will try to find the bad guy and, when they do, purge him from their system.

If the web site that you are visiting asks the ad network to purge the violator from their system and they do not, then it is now up to the web site to find another ad network.

While it is OK for you to give your favorite web site a chance to make it OK, you should only give them one.

It is not OK for your computer to be infected more than once from that site even though it is not their fault.

How Does The Malware Get There?

The question you may have now is how it gets to the server in the first place.

Well one way is that the black hat hacker may have found a hole in the servers that places the ads on other web sites.

From that hole they were able to send links to their malware to other sites.

Another way is through the use of Flash as an advertising model.

While some advertising networks will only use text based ad, some will use Flash based ads as well.

This can be dangerous.

The Flash runtime player is able to do a lot of things and if the black hat hacker is able to slip in the wrong Flash file then all kinds of things can go wrong.

How Can I Stop It?

There are several ways that you can stop this type of infection from happening to your computer.

The first thing is to make sure that you have a proper antivirus program installed and updated on your computer.

This will be your first line of defense.

The second is to block sites that you do not trust from serving ads to you from third party networks.

There are several Firefox and Chrome add-ons that will do this for you, such as –

  • NoScript
  • SecureBrowser
  • AdBlock Plus

(thanks to @vaxen_var for reminding me that I hadn’t listed any of them!)

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.


  1. […] information about you?But there are some aspects about the advertising model that a lot of people do not trust. One of these aspects is the fact that these ads deliver so much of your personal information to […]

  2. […] This post was mentioned on Twitter by vaxen_var and Jaime Romo, Lee. Lee said: How Can I Avoid Malware Delivered By Web Adverts? […]

Speak Your Mind