Tuesday 16th February 2021

BLOG: Danger Of Ads & PUAs

As long as there have been web advertising networks, there have been malicious web ads. These malicious and potentially dangerous web ads have been significantly increasing, despite many web advertising networks and browser developers taking the steps and important measures to reduce the danger of malicious content spread through legitimate websites. However, less reliable ad networks fail to screen content regularly and allow “pop-under” ads that avoid browsers’ pop-up prohibiting features. Many of these “pop-unders” force JavaScript and Cascading Style Sheet features to convince incautious browser users that something is erroneous with their devices. 

Potentially Unwanted Applications (PUAs) are unfavourable software programs and often embedded within free software, potentially unwanted programs will download and install themselves during the installation of a legitimate free software bundle. These unwanted programs can come in the form of adware, browser hijackers, browser toolbars, and even spyware (click here to read our blog about the new wormable Whatsapp malware). Not all PUAs are destructive, but some can cause very intolerable behaviours, many generate a few pop-up ads or cause your computer to extremely slowly. These applications can negatively affect a computer’s performance and can even introduce security risks such as spyware and other unwanted programs. 

Many PUAs appear from streaming sites and sites impersonating genuine sites. The most common form that is on these types of sites is scareware, this is a pop-up ad that appears on your screen, warning that your computer is infected with viruses. The ad says that you can remove them by buying antivirus software that will immediately eliminate them. Scareware is a scam in which cybercriminals attempt to gain access to your credit card information, and often your computer itself, by tricking you into buying fake antivirus software. If users do fall victim to this scam and install the program on their computers and other devices, this will have placed them in a compromising situation as they will have given up their financial information to a scammer and have installed malware on their computer. This provides hackers with access to files and the ability to send out fraudulent emails in users’ name, or track their online activity. 

Photocredit: https://malwaretips.com/blogs/remove-adware-popup-ads/

The four major web browsers Internet Explorer, Firefox, Chrome, and Opera have built-in pop-up blocking features. The configuration and blocking methods vary from browser to browser, but they all obstruct commonly used Web programming techniques that create pop-up windows, which subsequently stops pop-up ads from launching.

Malicious advertisements (malvertising) continue to be a major source of threats to a range of devices. The current trends in malvertising threats that fall outside the domain of malware attacks are technical support scams using “browser locking” web pages, and ads targeting mobile devices that are linked to fraudulent apps. 

Photocredit: https://www.consumer.ftc.gov/articles/how-spot-avoid-and-report-tech-support-scams

Technical support scams typically attempt to steer targets into providing remote access to their computers and then convincing them to either purchase exorbitantly priced technical support software and services or obtain targets’ credit card data for fraudulent purposes. Many threat actors have changed to using malicious web advertisements that attempt to convince the user that their computers have been locked for security reasons and directing them to call the scammers themselves. 

Installing antivirus software will capture a variety of malware and adware before it can do any harm. Spotify had previously inadvertently distributed malware-infected content through its advertising network in 2011. Cybersecurity experts have warned that malvertising is on the rise because the scale of popular advertising networks can be misused to push malicious content to a wide-ranging audience. This can happen to larger companies, in 2016 Spotify says it has fixed a problem in its software that lets rogue adverts automatically open virus-infected websites on a victim’s device. The malvertising affected Spotify’s subscription-free service on Windows, Mac, and Linux machines. People described that virus-infected pop-up websites were appearing while they listened to music. 

Get our latest cyber intelligence insights straight into your inbox

Fill out the short form below to subscribe to our newsletter so that you never miss out on our cyber intelligence insights and news.