How To Explain Malvertising To A Five-Year-Old

Andrew Avanessian, EVP of consultancy and technology services at endpoint security firm Avecto

“You’ve just finished dinner and your favourite bag of sweets is waiting for you. You can see them, they’re right there on the kitchen worktop but when you open the bag of sugary treats it’s filled with bugs!

“This is what malvertising is like. People click on adverts on a website because they think they’re safe, it’s something they trust and recognise, but instead they’ve been taken over by dangerous cyber criminals and filled with nasty bugs that will harm your computers. After the advert has been clicked on, the malvertisement quickly takes over your computer, scurrying through your files to find private and important documents such as mummy and daddy’s banking details, which can be used by the criminals to take their money!

“Just like checking if your favourite bag of sweets has been taken over by creepy crawlies, people can download internet browsers to spot websites that have malware advertisements on them – letting you know before it’s too late!”

Fraser Kyne, principal systems engineer, Bromium

“You’re watching your favourite TV show. Mummy and Daddy let you watch it because the fluffy bears sometimes talk about spelling and maths. Unfortunately, during the ad break there’s a VERY upsetting commercial for a horror movie.

“Mummy and Daddy take the next six months to work out why you and your siblings are acting strangely. Then they spend their pension on therapy for you all, after failing to sue the TV company who’s lawyer said: ‘sorry, but advertising is how we make the money to put on the show about the fluffy bears.’

Alexandru Catalin Cosoi, chief security strategist at Bitdefender

Story 1:

Imagine John is having a conversation with Billy about football, talking about their favourite teams and players. Suddenly, Tom comes up from behind Billy. Tom tells John that he overheard the conversation and that he knows where he can get a free championship football. Although Billy knows Tom, they’re not good friends, but more like acquaintances. He can’t tell John whether Tom is lying about the football. John decides to take Tom’s offer but, instead of getting a championship football, he ends up with a beach volleyball that’s used and flat.

Story 2:

Harry Potter fans probably remember the Bertie Botts Every Flavour Beans that Harry tried on his way to Hogwarts. Although the Bertie Botts looked tasty and yummy, they each had a different taste, and it wasn’t necessarily pleasant. In his youth, Dumbledore was unlucky enough to come across a vomit-flavoured one. He then turned down Bertie Botts for years to come.

Malvertising works in pretty much the same way. Although an ad might look legitimate by being displayed on a trusted site, they can sometimes give your computer an infection by tricking you into downloading malicious applications that will cause your computer to stop working.

Dumbledore’s experience with Bertie Botts has made him more careful when choosing the flavoured beans so he wouldn’t feel sick again. In pretty much the same way, you should avoid ads that look good and promise free or alluring things. They might be lying to you.

Moral:

Don’t always trust what you see and don’t take every piece of information for granted. Always check the information you get with multiple sources to avoid being tricked.

Mike Spykerman, vice president of product management at OPSWAT

“Imagine visiting your local toy store. In the store there is a large basket of toys and a sign that says: Free toys! This must be your lucky day. You take one of the toys home with you (your mum said it would be rude to take more), blissfully unaware that the company that made the toys has secretively hidden a stink bomb inside. When you get home, the toy explodes in your room. Now your room smells like rotten eggs and mum is very mad. How can the toy store do this to innocent kids? You go back to the store and complain. The toy store had no idea the toys had a stink bomb inside; a seemingly kind man had brought them in to display in the store. They remove the toys to prevent any further nasty smells, leaving you to wonder: ‘Whatever happened to nice people?’

“Malvertising is where a trusted website unknowingly includes ads from other companies that can do harm to your computer. By regularly updating anti-virus programs (made by the good guys to protect you) as well as your browser software, you can stop the bad guys from harming you.”

Andrew Tang, service director, security, MTI

“You’ve probably used, or seen someone use, a website. It may have been to find out information, play games or send emails. The websites cost money to make and to have it available for people on the Internet.

“One way that owners of websites pay for it is to have adverts on the website. You often see these on the top or to the side of bits you want to read. If you click on the advert and buy something, the original website owner is paid a small amount of money. Malvertising is when bad people take control of the adverts, so when they are clicked on, your computer downloads a bad program called malware. Malware can collect important information from your computer and send it to people who shouldn’t have it, hide your things and ask you to pay to unhide them, or even just break your computer. It is nearly impossible to tell the difference between a genuine advertising site and a malvertising site. The best way to prevent this is to run programs called anti-virus or anti-malware.”

Jared DeMott, security researcher, Bromium

Based on similar/prior conversations with my son:

“Hey bud, you know how your moms tablet has the picture you touch for the Internet but yours doesn’t? That’s because just looking up anything on the Internet can be bad for you and for your computer.”

“OK. Can I play birds now, Dad?”

“Sure, son, and we bought this Bird game. Do you remember the first Bird game we had? It had pictures that came up on the sides of that game? And those pictures were confusing because they weren’t part of the game?”

“Yah, they kept messing up the game when I touched them.”

“Yup. Those are called Ads. It’s companies trying to sell you stuff we don’t need or want.”

“Why?”

“Well, that’s how those companies make money.”

“Why?”

“Well, it’s good for companies to make money, that’s how Daddies and Mommies have jobs. But sometimes they want you to see stuff for sale, that I’d rather you not see.”

“Why?”

“Well…anyway, the point is, son, we now have the Bird game that you can just play without Ads. Because sometimes those Ads can even be bad for your computer.”

“How?”

“Well, sometimes the Ads come from bad guys that want to do more than just show the picture. Sometimes, they’d like to take stuff off your computer.”

“How?”

“Well, geez, son, it’s a bit complicated, but basically they want to send a naughty program to your computer so they can get stuff, like Daddy’s credit card.”

“OK, can I play the game now?”

“Yes.”

How much do you know about Internet security? Take our quiz!