Malvertising is an attack where the attacker buys an ad on an ad network and loads it with malicious content, often times an Exploit Kit. This exploit kit will check the user’s browser for a whole host of vulnerabilities, often with a focus on Flash or Java. Miss one update of those pieces of software and *boom*, the exploit kit will load Ransomware.
Attackers load these exploit kits into ads that get served to your users. They don’t even need to click to be attacked! When the ad is served, DNSWatch can stop one of many parts, the ad itself, the exploit kit, or the ransomware it’s trying to load.
You’ll immediately get an alert that DNSWatch stopped the connection. This e-mail will direct you to our Dashboard for more details about what has happened. Our team will comment on the infection in the Discussion tab shortly thereafter with a full analysis of the attack and it’s impact on your user. In many cases, we simply recommend that you remain vigilant about patching and remove unused Java and Flash from your end systems. There tends to not be much else you can do as the user did absolutely nothing wrong.