For the most part, people assume that malware comes from “bad” Web sites, and that it can be avoided by avoiding those sites. While this is still largely true, malvertising endangers users even if they’re on legitimate Web sites.

Malvertising is, in essence, the use of Web advertisements to deliver malware to a computer. Devices can be infected simply by loading a page with a malvertisement on it; you don’t even have to click on the ad itself.

Unfortunately, avoiding malvertising isn’t as simple as avoiding the sites that host it, because Web advertising is a complicated process. Each time a Web page is opened, the site auctions off that page’s advertising space to the highest bidders. Advertisers use algorithms to determine how much to bid based on data about your browsing history, device, and location. When the page loads, it displays advertisements from whichever bidders won.

Hackers have been exploiting the Web ad industry to serve users malware by bidding on space on legitimate sites. So far, they’ve even used some of the most trusted sites, such as Amazon, YouTube, and It’s estimated that by the end of the year, about half a million malvertisements will have been served in 2014 alone, and the number has been doubling since 2011.

This kind of threat serves to highlight the importance of safe computing practices. Regularly scan your computer with an anti-virus program to detect and remove threats that may have infected it unnoticed. Keep your computer and software updated as well; the newest patches help protect against known threats and solve security issues that could be exploited by hackers.

Additionally, you can protect your computer by installing trusted browser plugins like NoScript and AdBlock. These plugins prevent Web sites from automatically displaying certain media or advertisements. AdBlock in particular is useful because it eliminates all advertisements from non-whitelisted Web pages; malvertisements don’t even get the chance to load.