Think Before You Click: Online Ads Are Hotbeds for Malware

online ads malwareMac users often feel a false sense of security online. They often assume that Macs never get viruses, so they don’t take precautions before clicking on untested links. The bad news is that it’s not always easy to tell a malicious link from a safe one, and even websites that look safe can be vandalized by cyberattackers. For example, in January 2014, Graham Cluley reported that the Hasbro toy company’s website had been corrupted by malware four times in a single month. Every time a Mac user visited the website, the Mac could have taken on malware via drive-by-download.

 

The best solution for safe Web browsing is to research the best antivirus for Mac software. Choose a program that scans links to make sure that they’re safe. Also, think twice before clicking on any online ads. According to security experts, online ads have become notorious for transmitting malware.

What’s Dangerous About Clicking an Online Ad?

Ads have become omnipresent on the Web. Google AdWords serves up paid search results, and it delivers targeted ads based on data collected when someone browses the Web or uses a Google service, like Gmail. Social networks like Facebook and Twitter also serve up plenty of online ads on both desktop Macs and on iPads and iPhones.

Virus alert warning

One great aspect of online ad campaigns is that they give small businesses a chance to get noticed. A small business owner can open an AdWords account or set up a Facebook page, set an advertising budget and start displaying targeted ads. Unfortunately, because ad campaigns are easy to set up, it’s also easy for attackers to create fake ads. In those ads, they can place fake links that lead to malicious websites. According to Cisco’s 2013 Annual Security Report, online advertisements are 182 times more likely to deliver malware than a clicked link on a pornography site. Cyber attackers know that online ads are seen by a big audience, particularly on social networks. They know that they can do a lot more damage with an online ad than they can by waiting for someone to drop by their malicious website.

How Does Malware Get From an Online Ad to a Mac?

When Mac users have a good antivirus program installed on their hard drives, the software scans online links before Mac users click them. For example, some links may appear green, letting the Mac user know that they’re safe, while a dangerous link appears red to warn the Mac user not to click. An unprotected Mac user won’t know when links are malicious, so the user may click an innocent-looking online ad link. The link may lead to a website that contains malicious code, and that code, through a vulnerability in Safari or another Web browser, could deposit a virus onto the Mac.

One of the most notorious Mac viruses ever discovered was a virus called Mac Defender. Mac Defender was actually advertised as a fake Mac antivirus product. Users could download it from fake ads, or Mac Defender would generate pop-up windows while they were browsing the Web. It would scare Mac users by telling them their Terminal program was infected, or it would redirect their browsers to pornography sites in an attempt to convince them that they had a virus. Then, when the Mac user agreed to download Mac Defender and provided credit card information, the pornographic pop-ups and redirects went away, but the attackers had the person’s credit card information.

How to Tell Whether Ads Are Fake or Legitimate

Many fake online ads are manipulated to look completely believable. For example, in early 2014, an attacker used the Yahoo ads network to hide malicious exploits like the Zeus banking Trojan within iFrames. The malicious ads targeted mostly European users, but they circulated for about five days before Yahoo issued a security update.

Instead of clicking an online ad, open a new browser window and do a search for the company and the advertised promotion. Better yet, use antivirus software that can show you whether links are safe or malicious. Also, be careful not only on Macs but also on mobile devices. One in five mobile malware packages are delivered through mobile ads.