Malvertising vs. SEO Malicious advertising, also known as “malvertising,” refers to the use of online advertising to spread malware or to redirect users to malicious websites. Threat actors leveraging malvertising often target various advertisement programs such as Google Adsense, Bing Ads, and Yahoo Gemini. To display the malvertisement, you often must mimic the user search with the same search engine. These advertisement programs use a Traffic Distribution System (TDS), which is a type of network infrastructure that is used to distribute network traffic across multiple servers.

Purpose Configure a hardened cyber threat intelligence (CTI) environment to reduce attack surface and attributable information that could lead back to the researcher. This threat model will focus on security and privacy alike. Virtualization Software Selection VMWare, Oracle VirtualBox, or QEMU are all options. VMWare and VirtualBox favor ease of configuration, however there are many QEMU front-ends that are available for simplifying/automating the use of QEMU. While most analysts will largely be confined to doing the majority of their research from a guest VM on top of their host, some situations may allow for access to a private virtual private server (VPS) that provides separation or a proxy for intelligence probing.