New Targets

New Source of Internet Threat: Banner Ads

By Kim Boatman

Flashy banner ads on websites can seem like a bothersome distraction, with all their bells and whistles asking you to click here. Most of us tolerate the ads because we know this advertising serves a purpose to keep web content free. However, hackers are turning their attention to banner ads as a vehicle for targeting your computer and your sensitive information.

Some banner ads are now a source of malware, which is malicious code that can harm your computer or hijack it so the bad guys can use your PC’s memory capacity for nefarious purposes. Bad banner ads may attempt to trick you into installing spyware or viruses on your computer.

The problem is particularly alarming because hackers often target high-volume websites with ads that don’t look suspicious, says Thomas K. McCabe, president of HeroTechs Inc., a Long Island, N.Y.-based computer service company. “There is plenty of advertising out there, but you can’t tell which ones are good versus which ones are not,’’ he warns.

Rogue Banner Ads

Malware-infected ads often use Flash programming, the type of programming that adds animation and interactive features to content, to redirect you to a malicious site that looks legitimate.

A popular ploy directs you to an infected site where a screen pops up showing that an antivirus scan has found viruses on your computer, says McCabe. You are directed to “click here” to remove the virus. Instead, clicking loads the malware onto your computer.

“I witnessed this thing hitting my wife when she visited a legitimate cooking web site,’’ McCabe says. “She was about to hit the click here button, and I had to swing the mouse away.” In some cases, you needn’t even click for the ads to do their mischief. Simply visiting the site launches the malware, say experts.

Hackers can target real ads. However, rogue advertisers also misrepresent themselves to purchase advertising that slips through the defenses of advertising distributors. “You have people selling advertising with access to millions and millions of web sites,” says Ken Colburn, president of Data Doctors Computer Services, a Tempe, Ariz.-based company. “If a rogue banner ad is submitted and does not get caught, then for some period of time, that rogue ad will operate. They pop up and get shut down.”

Banner Ads and You

The bad guys might be clever, but you can work to avoid malicious banner ads. These steps will help you surf the web safely:

1. Be wary of fishy results. When you surf, be on the lookout for copycat web sites that pop up in search results. If a site doesn’t look quite right, exit immediately, says McCabe. “Launch your antivirus software, the faster, the better.”

2. Be smart when you click. The value of a banner ad is measured in its ability to get users to click on it. So a lot of banner ads pull out all the stops, and some go a little too far. “Ads that say ‘Click here to win a free whatever’ are preying on people’s vulnerability,” says Colburn. If you’re interested in an advertiser, type their web address into your browser or go to Google and find their website. “If you want to take an IQ test, go to Google and type in ‘IQ test’ and take a legitimate test rather than clicking on the ad,’’ says McCabe.

3. Keep your defenses up. “You’ve heard it a million times, but if you’re not actually practicing it, you need to start,’’ says Colburn. Make sure your computer is running regular software updates, at least once a week. Make sure your firewall is turned on. Make sure antivirus software is installed and your subscription is current.

The bad guys are becoming ever more resourceful, say the experts. But malicious activities abound because so many Internet users are gullible, Colburn says. The keys are to monitor your own behavior and to decrease your risk of exposure.