Malvertising: What Does It Mean For Your Digital Marketing Campaign?


Next year is set to be an exciting year for digital marketing, with countless pioneering changes to the online landscape. The Internet of Things and the move towards virtual reality pose the new potential for online marketing, and new innovations in software are constantly taking center stage. Unfortunately, however, not all of these developments are positive.

Those of us who work online constantly face the risk of cybercriminals, who tirelessly find new ways to get into our computers and wreak havoc. Hackers use the internet to carry out identity theft and create increasingly sophisticated malware. Some iterations of malware, such as ransomware, now have the capability of locking down your entire computer – a disaster if you have important deadlines and invaluable data on there. Ultimately, the likelihood of these problems causing vast financial loss or shutting down companies completely is now higher than it has ever been.

With so many large-scale threats lurking in the depth of the web, it can be easy to overlook a seemingly harmless infection, such as a piece of malvertising – right? Wrong. Even the simplest forms of malware can have a devastating effect on your digital marketing campaign, so it’s essential you are well versed on all the risks and remedies.

What Is Malvertising?

Malvertising – or malicious advertising – is pretty much a self-explanatory concept. It takes the form of a conventional internet advert but, when clicked, transports you to an infected domain. This can result in the corruption of files or even the hijacking of your machine.

2009 saw an infection on the NY Times website download itself onto visitors computers and create what became known as the ‘Bahama botnet’; a network of machines used to commit large-scale fraud online. 

While many believe malvertising to be obvious enough to spot – as it regularly takes the form of out-of-place porn pop-ups or sales emails – the reality is that malicious hackers are becoming increasingly crafty.

Today, they use legitimate advertising channels and create adverts so believable that often the site isn’t even aware it is infected.  In fact, cybercriminals have now become so pioneering in their craft that they even study human psychology to identify the best way to trick victims and slip under the radar.

This unfortunate development means that your digital marketing campaign could be carrying a virus right now, without you even realizing. Picture this:

A seemingly legitimate company approaches you and asks if they can put an ad on your website. They offer good payment and you have no reason to suspect them, so you accept. What you don’t realize, is that this ad is sending a proportion of your visitors to an infected domain and forcing them to contract a virus without even realizing. They will know their computer is infected, but some won’t even suspect that the problem was initiated via your ad, meaning your website will continue to go on infecting people until some-one flags the problem.

This is not a situation you want to be in.

A Short History


Malvertising has been on a pretty clear upward trajectory since its first sighting in 2007 when an Adobe Flash Player vulnerability allowed hackers to dig their talons into sites such as Myspace and Rhapsody. However, there have been a few key points within its lifetime that can help us understand how it developed.

  • In 2010, the Online Trust Alliance discovered that 3500 sites were carrying this form of Malware. Subsequently, a cross-industry task force was created to try and combat the threat.
  • 2013 saw Yahoo hit with a staggering malvertising campaign that brought with it one of the earliest forms of the aforementioned ransomware.
  • Cyphort, a leading security firm, claims that malvertising has seen a jaw-dropping 325 percent rise in 2014.
  • In 2015, this frustrating computer hack went mobile, as McAfee identified in their yearly report.

Today, malvertising is as much a part of digital life as advertising itself. Which means, as an online marketer, it’s more important than ever to make yourself aware of the subsequent risks.

How Does It Pose A Threat?

Unfortunately, as a marketer and a personal computer user, your threat from malvertising is two-fold. Firstly, you need to ensure that no infected adverts piggyback their way on to your marketing campaign. Often, third-party advertising is a key financial driver behind online promotion and, for someone who is passionate about their job, this means finding the highest bidders to fill each ad slot.

Due to this, it’s important to be aware of the dangers of offering ad slots using real-time bidding; this case study provides a more detailed look at the potential issue with this tactic of generating online revenue. In essence, it claims that real-time bidding –i.e. auctioning off your ad slots – comes with added risk. It highlights that this because the bought-ads are hosted on third-party servers, virtually obliterating any control that you would have over its content.

Similarly, as an online marketer, it’s essential to avoid contracting a virus yourself. Even if you have a squeaky clean online presence, sloppy personal security practices are just as likely to cause you to lose valuable work data. Whenever discussing internet safety, the highest priority should be your own habits. We will cover how to manage this further on in the post.

Malvertising & Reputation

When discussing the potential threat of malvertising, many fail to understand why it is so important– surely you can simply remove the infected ad, and the problem is gone?

Unfortunately, this is regularly not the case. Internet users are incredibly fickle and, as the threat of hacks becomes more prominent, they will do everything in their power to avoid falling victim. This means that in what we can call a ‘best case scenario’ – i.e. an obviously malicious pop-up appearing and being removed before it gets the chance to cause any damage – there is still the potential for your marketing campaign to be smeared irreversibly.

Online reputation is becoming increasingly important, and users want to be able to feel like they know and trust the brands to which they give their money. Even the slightest sign of a potential problem and they’ll find somewhere else to invest their time and money.

How To Secure Yourself

Threat Protection

The mantra of any good security engineer is: ‘Security is a not a product, but a process.’ It’s more than designing strong cryptography into a system; it’s designing the entire system such that all security measures, including cryptography, work together. Bruce Schneier, Leading Cryptographer and Computer Security Expert

While cryptography specifically will do little to tackle malvertising, the sentiment is still relevant. It’s impossible to set up a system that will continually provide perfect protection. Even if you use the best technology, there are still scams that target the user rather the computer. In reality, what you need are security protocols, which are reviewed and updated regularly, rather than a singular system.

These following steps are all crucial to assist you in tackling the ever-growing problem of malvertising.

Protecting Yourself from Malvertising

  • Install a Comprehensive Security Suite. There are many great security packages available. These systems will provide regular check-ups on your machine and provide the first line of defense if you do contract a virus.
  • Click smart. If you regularly work online, clicking every ad link you find is unwise. Stick to trusted sites and you’ll significantly reduce your risk of infection.
  • Run Ad-Blocker. Running ad-block will reduce the amount advertising you see and therefore, will prevent you from clicking on an infected one. However, as these programs only cater for intrusive ads, some may still slip through. Similarly, an increasing number of domains prevent the use of ad-block while accessing them.
  • Disable Flash and Java. A large amount of malware is delivered to the end computer via these plug-ins. Removing them also removes their vulnerabilities.

Protecting Your Digital Campaign from Malvertising

  • Install an antivirus plug-in. Particularly if you are using a WordPress site for marketing, there are many great plug-ins out there that can provide dedicated anti-virus protection.
  • Carefully vet hosted ads. By using common sense, it can be easy to spot if third-party adverts are a little bit shady. Don’t be afraid to shut them down precautionarily if you are unsure.
  • Protect your admin panel. Whether it’s social media, your website or even your emails, if a hacker can gain entry to any of these accounts, then it will be easy for them to inject malicious code. Keeping your passwords complex and secure is one of your best defenses against this.
  • Remote security. There is also a significant risk of cybercriminals gaining access to your accounts via insecure public WiFi networks. Using a Virtual Private Network (VPN) when out and about will encrypt your data by creating a secure initial connection between you and the VPN server.

Malvertising is a frustrating annoyance for all online marketers; one that doesn’t look to be going anywhere anytime soon. While we can never know what the future holds in terms of malware, the best way we can stay ahead of the hackers is to continue to share our stories and advice with fellow internet users.

If you’ve had an experience with malvertising or any other elements of digital marketing security, then be sure to leave a comment below! Your ideas will go a long way to helping create a more secure online future for marketers and users alike.

What do you think?

This site uses Akismet to reduce spam. Learn how your comment data is processed.