
Malvertising – When trusted websites go rogue [Security SOS Week]

Just one poisoned ad served up by one ad network... and it could be your website and your brand in the firing line.

Every day this week, Sophos’s top security gurus will be stepping up to the microphone to share their expertise with you, free of charge.

In each 30-minute webinar, Naked Security’s very own Paul Ducklin will be interviewing our experts to help you cut through the jargon and understand the real issues in computer security today.

Each webinar will take place at 2pm UK time (14:00 UTC, 15:00 CET, 10:00 EDT), and will consist of about 20 minutes of live interview, followed by 10 minutes of questions and answers.

Today’s webinar: Malvertising – When trusted websites go rogue

Today, Paul Ducklin is talking to John Shier, Sophos IT Security Specialist.

Crooks don’t need to hack into a mainstream website to infect it with malware.

They can get away with hacking just one ad served up by one ad network – and some high-traffic sites take content from hundreds of different ad networks at a time.

This is “malvertising”, and it hurts the websites that get affected, the ad networks that get compromised…and the victims who get infected while surfing their usual, trusted and unexceptionable sites.

Even mainstream sites – sites that you’d never get into trouble for browsing at work, because they’re well-known sites with useful content – can fall victim to malvertising.

Indeed, this week’s news is that at least BBC, Newsweek, The New York Times and MSN were affected over the weekend.

So it’s certainly the sort of problem that could happen to you!

John will explain how malvertising works, why crooks love it, and what we can do to stamp it out.

Register now!

Miss yesterday’s webinar? Listen now to Sophos VP of Product Management, John Shaw, give incisive commentary on the Great Backdoor Debate: “Can you strengthen security by weakening it?”


I was on a well-known weather site last week and was given an ad that was serving up ransomware. (Running Linux, I was able to look into it a bit.)

I don’t know what the protocol is when you come by this stuff; I sent an email to the address listed as the webmaster informing them of the bogus ad. Is it appropriate to report something like this to the webmaster or owner of a site?

By the way the ad was gone rather swiftly, no doubt long before anyone read my email.


You did the right thing. You’re welcome to tell us, too, if you like – you can email suspicious stuff to or use our online submission form:

I suspect you’re probably right that by the time anyone read your email the crooks had been and gone.

But 10/10 for making the effort…reports help nail down the scale of the problem.


So sites make no effort to ensure that ads are safe but still complain when people block ads. Yeah. This is sustainable and no one is going to lose out in the long run.

