Oh, the Sites You Will Never See

May 20, 2013

Staying safe online requires more than just avoiding websites that look untrustworthy. These days, you might be redirected and/or infected with malware by the advertisement banner showing on a legitimate webpage. To counter this kind of threat, we at Malwarebytes tend to block entire advertiser networks in an effort to prevent our users from becoming victims of malicious advertisements, or Malvertising. The purpose of this blog post is to explain exactly why you might see pop-ups from our Website Blocking function on a site that you thought you trusted.


What you would see

Before we get into malicious advertisements and Ad networks, let us talk about how and when you might come across a blocked advertisement.  First, if you have been using Malwarebytes Anti-Malware Premium for a while, then you might have seen a notice, like the one above, appear while you were surfing what you believed to be a legitimate website.  If you were confused or frightened by this, don’t worry, it doesn’t necessarily mean that the website you were on is malicious; rather the advertisements inserted into the webpage might have been.

Take for example:

  • You navigate to your favorite website to check out the latest news
  • When your page loads up, you see a notice from Malwarebytes Anti-Malware informing you that it is blocking a potentially malicious website
  • You freak out and never visit again

What actually happened here is that while you navigated to when the notice appeared, it was actually the advertisement provider used by that is being blocked due to the association with malicious content.  Malwarebytes detected the IP address of the Ad network as being involved with the distribution of malicious ads. Let us call the advertisement network “BadAd Network.”  Therefore:

  • hired BadAd Network to provide advertisements to the sites main. This is done to bring in possible revenue from every visit to the website.
  • BadAd network is known by Malwarebytes to host malicious advertisements so our product blocked any advertisement traffic from appearing in the browsers of our users.
  • You, the customer, will see a notice from us about something malicious happening on
  • In reality, we are blocking advertisements from BadAd Network that are trying to show up in your browser when you visit
  • You will not be blocked from viewing at all and should have no problems reaching the content that you want to see, sans some of the advertisements.

Malicious code from Ad networks might be present in pop-ups or advertisement banners. When the banners attempt to load or the pop-up attempts to navigate to the malicious website, we block it before it has a chance to cause any damage to your system.


Advertisements that not only look legitimate but also contain malicious code in an effort to infect systems are known as Malvertisements. Cyber-criminals use Malvertisements to try to spread their malware to a greater audience of users by submitting malicious ads to online advertisement networks. The ad networks are usually not aware of the cyber criminals’ intent and approve non-malicious ads, initially submitted by the criminals. Once the ad is approved, the cyber criminals switch out the legitimate ad for the malicious one, right under the noses of the ad networks.

The networks fail to check modifications made to the advertisements and therefore allow the Malvertisements to be shown on their customers’ webpages. The ad networks also quickly cycle through different advertisements with each view of the customer web-page. The dynamic scrolling of ads makes it difficult not only to flag the existence of a Malvertisement circulating on a network but also to identify which advertisement is the culprit!

So now that you know what Malvertisements are, you may ask, why doesn’t Malwarebytes Anti-Malware just block the URL of the malicious code rather than the actual ad network? Well, we do, but sometimes that is not enough, because malicious ads have a tendency to change often to avoid detection and use different URLs in the operation of their attacks.

We flag networks that are known by us to host Malvertisements (intentionally or not) as malicious because of their unsafe practices of not doing regular quality assurance checks on the advertisements they are circulating. This, in combination with finding numerous malicious advertisements circulating on their networks and spreading malware, forces us to block not only the malicious advertisements but also the advertisement networks entirely.
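The difference between blocking a single ad URL and blocking the ad network's addresses, for the "BadAd Network" page load described earlier, as an added example (not Malwarebytes' code or blocklist). All hostnames, the BadAd Network address range and the lookup table are constructed, using reserved example domains and documentation IP ranges.

```python
import ipaddress
from urllib.parse import urlsplit

# Everything below is constructed for illustration: reserved .example
# hostnames and RFC 5737 documentation address ranges.
BLOCKED_URLS = {"http://ads.badad.example/banner/1001.js"}    # one known-bad ad URL
BLOCKED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]   # hypothetical BadAd Network range

# Offline stand-in for DNS resolution.
RESOLVED = {
    "news.example": "192.0.2.10",
    "ads.badad.example": "203.0.113.7",
    "cdn.badad.example": "203.0.113.99",
    "ads.goodad.example": "198.51.100.20",
}


def url_verdict(url):
    """Exact-URL blocklist: only catches ads that were already reported."""
    return "block" if url in BLOCKED_URLS else "allow"


def network_verdict(url):
    """Address blocklist: judges a request by where the connection goes."""
    addr = RESOLVED.get(urlsplit(url).hostname)
    if addr is None:
        return "allow"  # no address to compare against in this model
    ip = ipaddress.ip_address(addr)
    return "block" if any(ip in net for net in BLOCKED_NETWORKS) else "allow"


def evaluate_page_load(page_url, ad_urls):
    """Return {url: (url_verdict, network_verdict)} for a page and its ad requests."""
    return {u: (url_verdict(u), network_verdict(u)) for u in [page_url, *ad_urls]}


PAGE = "http://news.example/latest"
ADS = [
    "http://ads.badad.example/banner/1001.js",   # the reported malvertisement
    "http://cdn.badad.example/banner/7f3a.js",   # same network, rotated URL
    "http://ads.goodad.example/banner/55.js",    # unrelated ad network
]

if __name__ == "__main__":
    for url, (by_url, by_net) in evaluate_page_load(PAGE, ADS).items():
        print(f"{by_url:>5} by URL | {by_net:>5} by network | {url}")
```

The page itself and the unrelated ad network pass both checks; the rotated ad URL slips past the URL list and is stopped only by the network-level check.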


Here are a few examples of Malvertisements in action:

July 2010:

  • Malicious Advertisements targeted site visitors after a rogue advertiser spread a malicious advert through  The result was users redirected to drive-by attack sites that installed fake antivirus malware

April 2010: Facebook Farm Town Game

  • An advertisement served on a popular Facebook game was delivering Rogue AV software, claiming that the user’s system had been infected with malware and their product could help them

May 2012: Malvertisements found on Blogger Website

  • Advertising network, Clicksor, was found serving malicious advertisements to users of a Blogger website leading to the BlackHole Exploit Kit

As you can see, Malvertising happens all the time; and while the effort from the community to fight these attacks has advanced greatly over the last few years, the threat is far from gone.

Am I protected?

If you are one of the many users of Malwarebytes Anti-Malware Premium, then you are likely already protected. To double-check if you are, though, simply right-click on the Malwarebytes Anti-Malware icon in your notification icon bar (opposite from your Start Menu button) and look for Malicious Website Protection.


If you notice that the option for Malicious Website Protection is already checked, you are good to go. If not, I HIGHLY recommend that you select it in order to activate the web protection feature. We are very strict and prudent when we decide to blacklist a certain website so that our users are protected without blocking their access to the internet.

Extra protection

Even if you do not use Malwarebytes Anti-Malware Premium and therefore are not receiving the benefit of our website blocking protection, there are other ways to keep you safe. One of these ways is to use ad-blocking software for your browser. This software will ensure that no advertisements reach you, regardless of where they come from.  This is a great way to not only fend off potential Malvertisement attacks but also to help you avoid clicking on things like fake download buttons or “special offers.” These types of scams exist in mass amounts and are generally delivered to the user through advertisements and pop-ups.

Another useful protection feature for your browser is Malwarebytes Anti-Exploit, which utilizes a one-of-a-kind technology to block drive-by exploits, like the ones used by Malvertisements, before they can infect your system. The free version of Anti-Exploit will protect your browser as long as you have it running in the background.

A little while ago, we posted two blogs that discuss the threats behind advertisements. The first one, “Pick a Download, Any Download”, examines advertisements that display false download buttons on download pages. The second blog, “PDAD: Part 2”, goes into detail to explain various methods of installing ad blocking software for your browsers to keep yourself safe from those scams. Finally, our blog post introducing Malwarebytes Anti-Exploit can give you an idea of how Anti-Exploit is used and what it does to protect your system.


In my opinion, malicious advertisements are one of the most dangerous threats online right now, mainly because you can do everything right as far as safe surfing, but they still might find you.  The best defense is always to arm yourself with as much protection as you can.  Updating Java (or disabling Java in your browser), Flash, your browser and operating system are all great ways to stay ahead of the curve. However, using antivirus, anti-malware and anti-exploit applications along with ad-blocking software can keep you well protected against waves of cyber-attacks.  Thanks for reading, and stay safe!


  • Bill McDowell

    When right clicked on icon. Website Blocking not checked. When try to click to check Website Blocking – box disappears. How do I do it?

  • jay d.

    I like Malwarebytes and have the free edition. I got it because my AV service recommended it. So, after awhile I signed up for a trial with the paid Pro version. Unfortunately, MBytes and ESET AV are not compatible. I had all sorts of problems and had to uninstall and reset lots of settings, and I’m not sure even now I got them all. If Malwarebytes ever comes up with a compatible version, I’ll try again as I really like MB.

  • Cecile Nguyen

    Hi Jay, there is no conflict between the two programs. Here’s a link on how to make exclusions if you need to:

  • Sonali Singh

    I tried with Malwarebytes and I liked it. But for a few months I have been using TotalWebSecurity Web Protection Tool. This is a very useful web protection tool, and TWS scans your website at regular intervals to determine if hackers have injected malicious code on your site. If anything suspicious is found, this will detect the malware even before Google knows about it and blacklists your site.

  • justgary

    My issue with web site blocking is that there is no ability to exclude a single website or a list of websites. So, because the program believes the website may contain malicious material, it will not let me use it. In my case, I use a website in a legitimate fashion that I know does not download malicious material but Malwarebytes wants to block it. The only way for me to use the site is to uncheck the web protection box. By doing so, I unchecked it for all sites. I would appreciate it if Malwarebytes allows the users to have a list of sites the user deems safe to use so that they can protect from other sites but be free to use the sites they want.

  • _Nano

    MalwareBytes saved my life (Digitally) multiple times. Thanks <3

  • RMax304823

    Anybody getting an array of Chinese characters across all the open tabs on Firefox?

  • RMax304823

    I tried every ordinary anti-malware and ad-blocking device available to get rid of them and nothing worked. By the way, it’s Japanese, not Chinese. Then I accidentally found a way of dealing with it. I’ve never been able to block them, but if you click on the characters and begin to select them, a rectangle appears, then begins to shrink. If you then lift your finger from the mouse, they disappear for the rest of the session. They’ll be baaack — but the same trick will get rid of them again. If anyone finds a way of blocking them, please let me know.

  • Adam J Kujawa

    Check any running extensions or add-ons in Firefox to see if it’s something within the browser. Also, does it do that with any other browser like Chrome or Internet Explorer or is it just Firefox?

  • Þórlindur Jóhannsson

    I wanna watch southpark but I can’t and I’m going to uninstall this program if I can’t disable the warning. How do I disable it so I can watch my favorite show again?

  • RMax304823

    Adam, I haven’t used any other browser lately but I think I did find a way to eliminate those annoying and confusing characters. From somewhere on the internet I picked up a hint that it was associated with McAfee Site Security Advisor (or whatever it’s called). I uninstalled it two weeks ago and it appears to have solved the problem.

  • Darya

    Sorry. Can I turn it off? If so, how?

  • Adam J Kujawa

    Hi there, if you want to keep safe from other threats and you are getting an alert for somewhere you trust, you can Whitelist the website:

    Otherwise, if you just click on the “Malicious Website Protection” on the menu mentioned in “Am I Protected” it will disable that component for you. Thanks!

  • Zuhair

    I have a project I need to present on Friday (Two Days From Now)! But every time I open Google Docs a website Appears and it won’t let me Open It!! PLEASE HELP ME!

  • ChrisLWO

    I’ve had the exact same problem, what you want to do is right click the desired file, click “Get link” and paste it into the address bar.

  • Tom Mitchell

    I noticed the same issue using Firefox before I switched from McAfee to Norton a few months ago and I haven’t seen those Japanese characters since. I’ve been running Malwarebytes Premium for several years now and wouldn’t consider surfing the internet without it. McAfee and Norton are both good products in their own right and both have their own malware component of sorts but in their current incarnation, neither product comes close to matching the level of protection that Malwarebytes provides.

  • Ali

    How can I delete the malware? Please help.

  • Cecile Nguyen (Malwarebytes)

    Hi Ali, please post in our malware removal forum at and one of our malware removal experts can assist you with this. Thanks in advance for your patience.

  • Betty Estes

    I purchased Malwarebytes Anti-Malware Premium because I had somehow been infected (I suppose that’s the way to word it) and was desperate to get rid of it. It was some kind of cleaner called Max Cleaner or something to that effect. Every day around the same time a blue box with a tool in the center plants itself in the middle of the screen and I have to restart the computer and the trn your program. It always shows me that there was at least 15 malware that had to be quarantined. Isn’t there any way to permanently get rid of it?

  • Jeff

    I never know how to proceed when the notice pops up. Tell it to exclude?

  • Eric505 80

    can you unlock my game websites