It is always a good idea to be careful where you click. Phishing domains and other malicious websites are becoming better and better at impersonating legitimate sites. However, you also need to worry about the advertising on sites. Here is an example of why: "Malvertising hits DailyMotion and Serves Up Angler EK". While DailyMotion is not a shopping website, it is not too far-fetched to believe that malicious ads could appear just about anywhere.
I am a bit surprised that we have not seen more incidents like this before. This technique would probably not be good for targeting a specific person, but it is a good way of gathering bots for a botnet. Because of targeted advertising, this may be a good way of targeting a group of people by catering to things that people in that group might be interested in.
You probably already know to be careful about clicking links in e-mails, even from people you know. The same principle applies when clicking on an advertisement. Beyond the privacy implications, it can be difficult to tell where an ad will finally take you (just like a link in an e-mail). An ad usually does not go directly to the site shown in the ad. It usually jumps through a few hops so that advertising providers can track what site the ad was clicked on and correlate the ad with any other information the advertising provider has on you. This happens very quickly, so unless you are looking for it, this activity might be hard to see.
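To make those hops visible, the following added example (not part of the original post) rebuilds the redirect chain for one ad click from proxy-style log entries and checks whether the click ended on the advertised site. The log entries, host names, and the function names `trace_chain` and `summarize` are constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample: proxy log entries for one ad click (all hosts are made up).
SAMPLE_LOG = [
    {"url": "https://ads.adnetwork.example/click?id=123", "status": 302,
     "location": "https://track.broker.example/r?c=9"},
    {"url": "https://track.broker.example/r?c=9", "status": 302,
     "location": "//cdn.redirector.example/go"},
    {"url": "https://cdn.redirector.example/go", "status": 301,
     "location": "/landing"},
    {"url": "https://cdn.redirector.example/landing", "status": 200, "location": None},
]

def trace_chain(log, start_url, max_hops=10):
    """Follow the 3xx Location headers recorded in the log, starting at start_url."""
    by_url = {entry["url"]: entry for entry in log}
    chain, seen, url = [], set(), start_url
    while url in by_url and url not in seen and len(chain) < max_hops:
        seen.add(url)  # guards against redirect loops
        entry = by_url[url]
        chain.append(url)
        if not (300 <= entry["status"] < 400 and entry["location"]):
            break
        # Location may be relative or scheme-relative; resolve it against the current URL.
        url = urljoin(url, entry["location"])
    return chain

def summarize(chain, advertised_host):
    """Report the hosts crossed and whether the click ended on the advertised site."""
    if not chain:
        return None
    hosts = []
    for url in chain:
        host = urlsplit(url).hostname
        if host not in hosts:
            hosts.append(host)
    final = urlsplit(chain[-1]).hostname
    # Simplification: suffix match instead of a public-suffix-list comparison.
    on_advertised = final == advertised_host or final.endswith("." + advertised_host)
    return {"hops": len(chain) - 1, "hosts": hosts, "final_host": final,
            "lands_on_advertised_site": on_advertised}

if __name__ == "__main__":
    chain = trace_chain(SAMPLE_LOG, SAMPLE_LOG[0]["url"])
    print(summarize(chain, "shop.example"))
```
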
The problem here was that the group that paid for the ad was not selling anything at all. They were using the ad network as a conduit for delivering malware. Since most people do not monitor their web traffic very closely, the group probably figured they could get a few victims before they were caught.
So what steps can you take to protect yourself? Not everything on this list might be worth doing for you depending on how you browse the Internet, but it provides something to think about.
- Use a plugin in your browser to disable ads. uBlock Origin is a popular ad-blocker and is available for both Chrome and Firefox.
- If you want to buy something from a site, visit it directly instead of through an ad.
- In addition to arming your browser, it is a good idea to keep your operating system, software, and malware protection up to date.