Malicious adverts create some degree of risk even on the most trusted websites.
Randy Abrams, director of technical education at ESET, claimed in a blog posting that he had recently received questions on the legitimacy of ‘malvertising’, specifically on how likely infection was without intervention and what the best line of defence was.
Looking at whether it is possible for a user to become infected from one of these attacks without intervention, Abrams said: “Anything is possible. While it is common for the advertisements to lead to fake security software, or other attack software that a user must download or run, there is no reason that a criminal could not or would not try to exploit an unpatched vulnerability in the operating system, browser, or third party software.
“For this reason, in addition to being very picky about what you believe, download, or run, it is important to keep your operating system and all third party applications patched.”
He also commented that even though attacks are propagated through trusted websites, sticking with known and trusted websites is still excellent advice, but you have to realise there is always some degree of risk.
He said: “It is great advice not to drink and drive, but it doesn't mean that you avoid all accidents by following that advice. Keep in mind that when you visit a trusted site and click on an advertisement you are leaving the trusted site. Keeping informed about the latest threats and how to avoid them makes a lot of sense.”