MSP Blog Logo


Business Growth


Help Desk



Sales & Marketing


Empowering Your MSP Business to Grow and Prosper—One Post at a Time

5 Ways to Improve Your MSP Service Level Agreement (SLA)

Featured Post

5 Ways to Improve Your MSP Service Level Agreements (SLAs)

SLAs are the foundation of your MSP business. They are essential to building strong client relationships and must be clear, reasonable and well-constructed.

Read Now

Malvertising: The Next Big Threat MSPs Must Tackle

Posted August 12, 2015by Chad Bacher

Deadly ransomware and zero-hour exploits have been making headlines over the past few months. But while you've been wringing your hands over protecting your clients' files, cyber criminals have been building out attacks on one of the fast-growing malware platforms: malvertising. According to security firm RiskIQ, malicious ads have increased by 260% in the first half of this year compared to the same timeframe in 2014.

What Is Malvertising?

Malvertising is a form of malicious code that distributes malware through online advertising. The code can be hidden within an ad creative, such as a swf file, embedded on the web page itself, or bundled with software downloads. Malvertising can be displayed on any website, even those considered the most trustworthy. Gone are the days when your clients could simply avoid P2P and pornography sites and stay safe. Malvertising is everywhere, from YouTube to Reuters to Yahoo!

How Does It Infect Users?

One of two ways. Some forms of malvertising utilize classic social engineering tactics in order to persuade users into infecting themselves without knowing. A pop-up might appear telling users they are infected and need to download software to prevent it—only to actually install the malware. Or malicious ads tailored to user browsing habits will entice them to click and then deliver the payload.

The second, and more frightening, technique is the "drive-by download." Just loading the web page that contains the malicious ad results in infection. Most users won't even realize it's happening. No amount of safe browsing habits will save you and your end users.

Why Is Malvertising Scary?

Malvertising represents a huge threat not only because of the size of the campaigns, but also the ease of deployment. Attacks are now happening at "Internet scale" with massive reach. Most recently, Malwarebytes discovered a colossal malvertising campaign targeting Yahoo!, which receives nearly seven billion visits each month. In addition, attacks are easy to get away with because of a decentralized adspace online, which makes them difficult to flag—and especially effective.

Small business owners should be aware of the potential fallout from a malvertising attack. Computers may be susceptible to the following:

  • Identity, financial, or data theft, as well as extortion via ransomware
  • Computers that can be hijacked into a botnet and manipulated into being used for criminal activities
  • Exploit kits delivering even more lethal malware that can render machines and servers useless

How to Protect Your Clients

There are several steps you can take to protect your end users and their businesses from malvertising. Check browsers regularly for the latest security patches, and modify their browser settings to block Flash and Java ads from running automatically. Use a firewall with unified threat management (UTM) service, and invest in strong endpoint security that includes anti-exploit technology that blocks malvertising attacks. Finally, educate your clients about this very real threat.

If you have additional questions or concerns about malvertising, feel free to stop by the Malwarebytes booth at Navigate 2015 in Las Vegas.


Chad leads the Product Management team responsible for defining and executing the go-to-market strategy for the entire Malwarebytes product portfolio. He joined Malwarebytes in 2014, with more than 15 years of experience in the security and high-tech industries.

RMM 101: Must-Haves for Your IT Management Solution
MSP Guide to Managed Services SLAs  [white paper]
comments powered by Disqus