What To Do About Reputable Websites Delivering Malware?

Did you know that reputable websites (like Forbes, The New York Times, and others) have been caught trying to install malware on their visitors' computers and smartphones? This isn't new, but it's a trend that's been getting worse when it should be getting better.


These reputable websites are not deliberately trying to hijack your computers, of course. It’s the networks that serve up the ads that have been compromised. Known as malvertising (malicious advertising), it is, according to cybersecurity expert Lenny Zeltser:

…attractive to attackers because they can be easily spread across a large number of legitimate websites without directly compromising those websites.

This type of attack relies on Adobe Flash and Microsoft Silverlight being configured in your browser to auto-play the ads. This has been going on since at least 2007, but it got much worse in 2015 and continues to get bigger. And it appears to be crossing over to mobile devices.

The recent article in The Register didn’t say it, but I will: Why shouldn’t organizations of all sizes install an ad-blocker (I suggest uBlock Origin) across all desktops and mobile devices? At least until this ad-network mess gets cleaned up.

Is there some other, easier thing we should be doing?