Why you need more than a VPN to avoid injected ads

Security

You probably see enough ads on the internet. But there’s a decent chance you’re seeing more than you should. Mobile carriers, internet providers, Wi-Fi hotspots, malware, toolbars, and browser extensions all can inject ads into your web browser. And those ads may serve you malware.

Earlier this summer, some Yahoo! visitors learned that ads can infect more than your mind, as the New York Times reported:

For seven days, hackers used Yahoo’s ad network to send malicious bits of code to computers that visit Yahoo’s collection of heavily trafficked websites, the company said on Monday.

The attack, which started on July 28, was the latest in a string that have exploited Internet advertising networks, which are designed to reach millions of people online.

This particular threat exploited a vulnerability in Adobe Flash and it seems as there is nearly always a Flash vulnerability to exploit. Abode released its 12th update for the software this year on Tuesday (which is a good reason why you should consider getting Flash out of your life).

Experts were aware that users often come across ads that have been injected in a browser by a third-party. But the scope of the problem wasn’t clear until Google released a study this May that found that millions of users had visited Google sites that displayed injected ads not sanctioned by the website owner, in this case Google itself.

“We discovered more than 50,000 browser extensions and more than 34,000 software applications that took control of users’ browsers and injected ads,” the report explained. “Upwards of 30% of these packages were outright malicious and simultaneously stole account credentials, hijacked search queries, and reported a user’s activity to third parties for tracking.”

To solve the problem outright would require all ad networks, mobile providers and internet service providers to crack down on the highly lucrative practices of jamming our browsers with ads. Don’t expect that to happen — not soon at least.

That doesn’t mean nothing can be done.

Unfortunately many of the key privacy/security acronyms you hear a lot won’t help. That includes SSL — Secure Sockets Layer, which establishes an encrypted connection between your browser and a website. And it also includes VPNs — virtual private networks. While this type of software constructs an encrypted tunnel for your Internet traffic, it does not block of filter malicious traffic.

What can help?

“Protect yourself by making sure wherever you connect to the internet, including mobile devices, has security software such as F-Secure Freedome that automatically blocks malicious web content,” Timo Hirvonen, Malware Protection team lead at F-Secure, explained.

Isn’t Freedome a VPN? Yes, but it’s more than that.

It encrypts your data, gives you control over your device or PC’s geolocation and it also stops trackers from snooping on you. On top of all that, it scans for malware to protect you from harmful sites, trackers and apps.

Flooding your online experience with extra ads doesn’t just endanger your security, it distracts you. If you want to do something about it on your own, you’ll need more than a VPN.

[Image by Sean MacEntee | Flickr]

0 Comments

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

You might also like