Malvertising is the practice of using internet-based advertising to spread malicious software (malware).

Malvertising can be particularly nasty because it is delivered through websites that users would normally consider highly reputable; the ad network, not the site, chooses what is served. A recent high-profile example was MSN Norway.

The malvertising attack vector

Typically malvertising is a Flash-based attack: the malicious code is written in ActionScript and then heavily obfuscated in an attempt to hide its true nature. The common payload is a redirect. The ActionScript calls getURL or navigateToURL, or uses a javascript: URL that executes in the context of the hosting page (which is why it is often described as a cross-site scripting attack), to misdirect the user to a different destination.

How can you protect yourself from malvertising?

As an end user there is not a lot that you can do to protect yourself from this type of attack, as not having Flash installed is not a terribly practical solution. Keeping Flash, the browser and the operating system patched limits what the destination of a redirect can do to you, but to a large extent you are reliant on Flash, the browser, the operating system and the website owner to do the right thing.

As a site owner, you have two main ways to protect yourself.

  1. Don’t show Flash ads on your site. Only show image-based or text-based advertising.
  2. Insist that your advertising provider has a policy and process for checking all their Flash-based ads before they are served, and ask what those checks actually cover.

If you are interested in the technical process of checking ads, there are a number of tools available, such as SWFIntruder.
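As an added example of what such a check can look like (written for this page, not SWFIntruder's or any ad provider's code), the Python script below does a static triage of a single ad creative: it reads the SWF header, inflates a zlib-compressed (CWS) body, and scans the ActionScript strings for the redirect calls (getURL, navigateToURL, loadMovie), for javascript: URLs and ExternalInterface use that reach into the hosting page, and for landing-page hosts the advertiser did not declare. The allowed-host list and the two sample creatives are constructed for the example; the rogue one is just a byte string carrying the strings a malicious SWF would contain, not a working ad.

```python
import re
import struct
import zlib
from math import log2

# Strings worth flagging in the decompressed SWF body. AS3 keeps called
# method names in the DoABC constant pool as plain strings and AS2 keeps
# URL arguments as null-terminated strings in DoAction tags, so a byte
# scan reaches both without a full bytecode disassembler.
SCRIPT_INDICATORS = {
    b"javascript:": "javascript: URL (runs script in the hosting page)",
    b"ExternalInterface": "ExternalInterface (calls into the hosting page's JavaScript)",
}
REDIRECT_CALLS = [b"navigateToURL", b"getURL", b"loadMovie"]
URL_PATTERN = re.compile(rb"https?://([A-Za-z0-9.\-]+)[^\x00\s'\"<>]*")


def swf_body(data: bytes) -> bytes:
    """Strip the 8-byte SWF header and inflate the body of a CWS file.

    Header layout: 3-byte signature, version byte, uncompressed total length (LE u32).
    """
    if len(data) < 8:
        raise ValueError("too short to be a SWF")
    sig = data[:3]
    declared = struct.unpack("<I", data[4:8])[0]
    if sig == b"FWS":
        body = data[8:]
    elif sig == b"CWS":
        body = zlib.decompress(data[8:])
    elif sig == b"ZWS":
        raise ValueError("LZMA-compressed SWF: use the lzma module, not handled here")
    else:
        raise ValueError("not a SWF file")
    if len(body) + 8 != declared:
        raise ValueError("declared length %d does not match content" % declared)
    return body


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; packed or encrypted payloads sit near 8."""
    if not data:
        return 0.0
    n = len(data)
    counts = [data.count(bytes([b])) for b in set(data)]
    return -sum(c / n * log2(c / n) for c in counts)


def scan_swf(data: bytes, allowed_hosts: set) -> dict:
    """Static triage of one ad creative against the hosts the advertiser declared."""
    body = swf_body(data)
    findings = []
    for needle, reason in SCRIPT_INDICATORS.items():
        if needle in body:
            findings.append(reason)
    redirects = [c.decode() for c in REDIRECT_CALLS if c in body]
    urls = []
    for m in URL_PATTERN.finditer(body):
        url = m.group(0).decode("latin-1")
        host = m.group(1).decode("latin-1").lower()
        urls.append(url)
        if host not in allowed_hosts:
            findings.append("undeclared destination host %s" % host)
    return {
        "redirect_calls": redirects,
        "urls": urls,
        # Reported for the reviewer; embedded images also raise entropy, so it is not a verdict.
        "entropy": round(entropy(body), 2),
        "findings": findings,
        "verdict": "suspicious" if findings else "clean",
    }


def build_swf(body: bytes, compress: bool = True) -> bytes:
    """Wrap a body in a SWF header; used here only to construct the samples below."""
    sig = b"CWS" if compress else b"FWS"
    header = sig + bytes([10]) + struct.pack("<I", len(body) + 8)
    return header + (zlib.compress(body) if compress else body)


# Constructed samples (not real creatives): a plain clickthrough ad, and one whose
# ActionScript strings carry a javascript: redirect to a host the advertiser never declared.
ALLOWED_HOSTS = {"ads.provider.example"}
CLEAN_AD = build_swf(b"\x00navigateToURL\x00http://ads.provider.example/click?id=42\x00_blank\x00")
ROGUE_AD = build_swf(
    b"\x00navigateToURL\x00ExternalInterface\x00"
    b"javascript:top.location='http://landing.attacker.example/x.php'\x00"
)

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN_AD), ("rogue", ROGUE_AD)):
        print(name, scan_swf(sample, ALLOWED_HOSTS))
```

This is a triage pass, not a verdict. String scanning misses code that assembles its URL at runtime, which is exactly what the obfuscation is for, so anything flagged, and any creative with suspiciously few readable strings or a very high entropy figure, still needs to be run in an instrumented player and its network traffic observed.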

Additional References

Inside rogue Flash ads

Malicious advertising increasing

Back in 2005 I wrote a series of seven blog posts called The Seven Tenets of Software Testing. These posts have been buried deep in this site, so I have added a new page – Tenets of software testing – that links to all these original articles, hopefully making them easier to find if you are new to my software testing blog.