Malvertising Drive-By Attacks

In most cases, the bad guys create fake advertisements filled with malware and try to slip them past security checks at large ad networks. These infected ads can then sneak malware onto a web user’s computer, even if he or she doesn’t click on the ad.

It’s really a cat-and-mouse game. Ad networks have to scan new ad submissions for malware, but it can be really hard because attackers have a really strong economic incentive to keep coming up with new ways of spreading malware.

It’s hard because the best way to combat this is to use an ad-blocker, but as soon as everyone is using one, there goes our favorite ad-supported web sites…